Spartan Pools v1 Exploited Using Flash Loans, $30m Hacked.

Binance Smart Chain (BSC) network has experienced another hack with the recent Spartan Pool exploit. The exploit appears to be a sophisticated and expensive one as details unravel.

Spartan V1 Pools Exploited

The Tweet from Spartan Protocol signalling to the Crypto Twitter (CT) community of a code exploit that successfully drained the V1 LP pool shows a sophisticated and expensive hack.

Spartan has outlined the transaction details from Bscscan, showing the successful transactions that resulted in the exploit on the pool. As outlined by the Tweet, $61 million in Binance coin (BNB) was used in an economic exploit to overcome the pools, removing roughly $30 million in funds.

BSCscan Proof of Transaction indicating the Spartan Pool Exploit

Details of What Happened

As shared by PeckShield Inc via their detailed Medium blog, the incident occurred due to flawed logic. This error was apparent in calculating the liquidity share when the pool token is burned to withdraw the underlying assets. 

The Exploited Spartan Code

In particular, the specific hack inflates the asset balance of the pool before burning the same amount of pool tokens. It allowed the exploiter to claim an unnecessarily large amount of underlying assets. The consequence of this attack results in more than a $30M loss from the affected pool. The incident, also connected to a flash loan on PancakeSwap, serves as the medium through which the hacker borrowed the $61 million worth of BNB to drain the pool. This is a devastating hack for the protocol LP users.

Source :

Leave a Reply

Your email address will not be published. Required fields are marked *