Spartan Protocol’s System Breached, Over $30 Million Drained from Project

Malicious attacks have swiftly replaced crypto scams as the new favorite way bad actors get their hands on other people’s cryptocurrencies.

In a year that has seen crypto getting more recognition, many protocols have been subject to hacks, and the latest is liquidity and synthetics asset provider Spartan Protocol.

Spartan Protocol Loses $30 Million

Binance Smart Chain hosted decentralized platform Spartan Protocol is the latest victim of a malicious attack that saw over $30 million worth of investors’ funds disappear into thin air.

The attack, which was noted by on-chain analysis and security startup PeckShield on Sunday, showed that the hackers could perpetuate the crime due to a flawed liquidity share calculation in the protocol. This anomaly served as the gateway through which the bad actors were able to drain assets from the pool.

7/12

The exploit was possible because Spartan used current balances instead of cached balances (like Uniswap) to calculate LP tokens value.

Since the number of LP tokens did not increase, each LP token allowed to drain more tokens. pic.twitter.com/HIN930xzVY

— Igor Igamberdiev (@FrankResearcher) May 2, 2021

In supplying the details surrounding the unfortunate incident, PeckShield said that the hacker inflated the asset balance of the pool before burning the same amount of pool tokens to claim a large portion of the underlying asset.

Also, in the Medium blog post posted by the security outfit, the attacker likely perpetrated the crime by borrowing a flash loan from popular decentralized exchange PancakeSwap with 10K Wrapped Binance Coin (WBNB).

Following a list of trades, the attacker swapped the borrowed coins for Spartan tokens until they could drain the affected pool.

In a tweet, Spartan Protocol confirmed the news noting that the attacker used $61 million worth of Binance proprietary coins BNB to commit the crime through a yet unidentified economic exploit path.

What we know so far –
*Attacker used $61m in BNB to overcome the pools via a as yet unknown economic exploit path to remove roughly $30m in funds from the pools.

Reach out if you can help identify and analyse the exploit.https://t.co/aNTvdzKOeF

CC @RektHQ @samczsun @bneiluj

— Spartan Protocol (@SpartanProtocol) May 2, 2021

This saw the attacker get away with $30 million in funds from the pool.

DeFi Monetary Loss Growing Daily

The attack on Spartan Protocol is among a growing number of malicious attacks on decentralized protocols in the past couple of months. A few days earlier, fellow Binance Smart Chain hosted protocol Uranium Finance lost $50 million in investor funds.

According to investigations, the attacker could withdraw the funds due to a vulnerability bug in its pair contracts in Uranium v2 contracts.

Other top affected DeFi protocols are EasyFi which lost $59 million, Kucoin with a $45 million loss, Alpha Finance with a $37.5 million loss; and Meerkat Finance lost $32 million from malicious attacks.

Spartan Protocol’s hack makes it the sixth-largest monetary Loss in the history of DeFi, according to Rekt.