Days after the Uranium Finance protocol was exploited and $ 50 million exposed, another Binance Smart Chain protocol was attacked. Spartan Protocol was attacked on Sunday, exposing around $ 30 million. In a blog post, PeckShield Inc., a leading blockchain security company investigating the hack, said that the attackers were able to exploit a flawed liquidity share calculation in the protocol to drain the digital assets of one of the groups.
"In particular, the specific trick inflates the pool's asset balance before burning the same number of the pool's tokens to claim an unnecessarily large amount of underlying assets."
The wallet containing the stolen funds has since been identified and both PeckShield Inc and the Spartan team are monitoring it for any movement. While the funds are in motion and especially if there is an attempted sale, it is easier to identify the culprits.
According to a Twitter posted a few hours after the attack, the project has plans to recover and rebuild.
Despite the project admitting that the exploitation was caused by a flaw in its coding, investors have once again yelled at Binance and Changpeng Zhao, the CEO, for action. However, there appears to be little that he or Binance, as a company, can do for investors.
According to Rekt, this becomes the sixth largest farm in the DeFi space. The top five are the $ 59 million from EasyFi, the $ 32 million from Meerkat Finance, the $ 45 million from Kucoin, the $ 37.5 million from Alpha Finance, and the most recent, the $ 50 million from Uranium Finance.
The recurrence of exploits on BSC has been accelerated by the fast transactions and cheap rates offered on Binance Smart Chain (BSC). These have made it the preferred network for attackers and even sinister developers looking to steal from investors, commonly known as "rug pull." Additionally, simple, underfunded, and less secure protocols are being largely implemented in the BSC, for the same reasons mentioned above, and these vulnerable protocols have become easy options for attackers.
The end of Uranium Finance
Uranium Finance, allegedly a rug pull, recently published a blog explaining the attack to the victims. In the post, the team confirmed a number of critical issues beyond the technical aspect of the attack. First, in collaboration with the Binance security team, the team is still committed to recovering the stolen funds. Similarly, the wallets containing the funds are still on the Binance Smart Chain and are being watched. Finally, the team has no intention of taking the project back under the circumstances.