Binance Smart Chain (BSC) based DeFi protocol, Bearn.Fi has been targeted by hackers in an $11 million heist. According to a report by PeckShield Inc., a blockchain security company that claims to be focused on elevating the security, privacy, and usability of the blockchain ecosystem, the attack was launched on May 16, at exactly 10:36 AM +UTC.
‘BearnFi’s BvaultsBank contract was exploited to drain about $11 million of users’ funds from the pool. The incident was due to a bug in its internal withdraw logic in inconsistently reading the same input amount but with different asset denomination between BvaultsBank and the associated strategy BvaultsStrategy.”
The incident was the result of the improper implementation of the withdraw function, the report explained, adding that a mistake in using the smart contract from its launch allowed the strategy to withdraw more BUSD than needed.
The attacker took out a flash loan on Cream Finance for 7.8 million BUSD and used this to deposit and withdraw from the bVaults around 30 times. After this, the attacker withdrew 8.26 million BUSD and repaid the flash loan.
bEarn contacted Binance to get the attackers address blocked and prevent them from transferring funds. It also froze all of its bVaults to prevent any further losses and contacted security firms to analyze the code. A snapshot was also taken of liquidity providers addresses in order to work on a compensation plan.
The platform announced:
“We will create a compensation fund which will consist of a combination of the remaining saved funds, Dev Fund, DAO Fund and a portion of fees generated by the protocol.”
At the time of writing, bEarn’s algorithmic stablecoin had dumped 11% on the day and was trading well below a dollar at $0.24.
Users will be compensated with 87.5% of their deposits in BUSD immediately with an additional 7.5% in BDOv2 (bDollar) tokens. The final 10% will be in BDEX which will be released over time, resulting in a total recompense of 105%.
As attacks escalate, compensation plans are becoming more frequent and it’s likely that all DeFi projects will need to allocate a slice of their token supply for such purposes.
While bEarn customers were definitely happy to hear the news, some pointed out that the immediacy of compensations after a hack may create a “distorted perception of risk” for DeFi users and devalue insurance protocols. Promising a full compensation just a few hours after a hack seems to become a common theme. It creates a distorted perception of risk for the users and hurts the adoption of insurance protocols. DeFi has grown far past the value where these expectations hold true.
Put your money to work with Botsfolio. Check products
Whenever you feel like, open the dashboard to track your investment fund taking shape and bringing in returns.
View Latest Performance of Trading Bots on our Platform.
As per the latest data released from Bitcoin network tracker Bitnodes.io, on July 5 the n…
The country with the largest population in Africa seems to be interested in cryptocurrenc…
MicroStrategy currently holds the most Bitcoin on its balance sheet out of all publicly t…
Over the past week, Bitcoin shed 4.21% of its value and was trading in the $33k range. Wh…
XRP’s value has plunged by nearly 40%, from the peak of $1.70. This crash has cost many i…
Dogecoin (DOGE) has been making news in April. Initially, it was trading in its usual $0.…