The newest DeFi exploit cost Impossible Finance $500,000 in losses.
In a flash loan attack, Impossible Finance, a decentralized finance (DeFi) system on the Binance Smart Chain, was attacked for $500,000.
A flash loan attack is a form of DeFi exploit in which hackers take an uncollateralized loan from a lending protocol and manipulate the market in their favor through a series of technological tactics.
On June 21, an attack on the Impossible Finance liquidity pool resulted in the loss of 229.84 Ethereum (ETH), which was worth $500.000 at the time of the exploit.
Hackers used a counterfeit token to initiate a flash loan attack in order to deplete the protocol’s liquidity pool.
Service of auditing The attack, according to WatchPug, involves a series of swaps at almost the same price, depleting the liquidity pool, which is “normally impossible.”
At 4 AM UTC, Jun 21, $0.5M was stolen from Impossible Finance.
The hacker made multiple swaps in a row at about the same price and drained the LP, which is usually impossible.
How does Impossible Finance make the impossible possible?
Read our analysis:https://t.co/3r0p1dOFWz
— WatchPug (@WatchPug_) June 21, 2021
Multiple swaps of the protocol’s native Impossible Finance token (IF) to Binance USD stablecoin (BUSD) and then to Binance Coin, the protocol’s native coin, were possible thanks to a bug in the pool’s smart contract (BNB).
According to Mudit Gupta, a core developer of SushiSwap, the breach was not very inventive, and it exploited a vulnerability similar to the recent attack on the BurgerSwap protocol, which was also built on the Binance Smart Chain and in which $7.2 million was taken.
Impossible finance got exploited today for $500k.https://t.co/mzCPRluOjn
Same exploit as the burger swap one:https://t.co/3PkVtn7Hi7
If the original project gets hacked, why don’t the forks react?
— Mudit Gupta (@Mudit__Gupta) June 21, 2021
Impossible Finance issued a statement about the occurrence through the official announcement channel, claiming to have set up an insurance fund.
All user funds entered into liquidity pools previous to the attack will be fully reimbursed; however, all liquidity pool incentives have been halted, and users are advised not to add or withdraw funds for the IF/BUSD and IF/BNB pairs.
After the network issued a public “request for action” to developers, Impossible Finance joined other flash loan exploits on the Binance Smart Chain, such as Pancake Bunny and Belt Finance.
Copycat? Serial? All of the DeFi predators have yet to be profiled in the space.
