
Spartan Protocol V1 Pools Exploited For Roughly $30M, Here’s What We Know So Far

5y ago

Earlier today, Spartan Protocol tweeted that a hacker exploited their V1 pools. The team assured that they were aware of the issue and were investigating the exploit. They also called out to their community for help.

“Spartan Pools v1 exploited - team are aware and investigating.”

Famous blockchain journalist “Wu Blockchain” also weighed in on the incident, noting that Binance is assisting with the investigation:

“BSC's early imitating Synthetix project was hacked, and it landed on Binance Exchange in September 2020. Spartan Protocol stated that it is cooperating with Binance to recover the stolen funds.”

So, What Exactly Happened?

Apparently, an attacker used $61 million in BNB to conduct a Flash Loan attack on the Binance Smart Chain and siphon out a staggering $30 million in funds from the Spartan pools. As per PeckShield, this is the first proper Flash Loan attack on Binance Smart Chain. In a flash loan attack, the hacker borrows a large amount of money to cause a price fluctuation and then profits from it.

What Was The Attack Process Used?

Here is a summary of how the attack went down, as detailed by a report shared by Wu Blockchain.

  • First, the hacker borrowed 10,000 WBNB from PancakeSwap.
  • The attacker then changed the WBNB into SPARTA tokens five times in the Spartan pool. The attacker then injected these tokens into liquidity pools and minted around 933,351 SpartanPoolV1-Wrapped BNB (SPT1-WBNB) tokens.
  • After that, the attacker repeated the same technique to convert WBNB into SPARTA ten more times in the vulnerable exchange pool.
  • Now, the attacker transferred all the SPARTA tokens they had obtained and locked them up in a liquidity pool to raise the price artificially.
  • The hacker then burned the 933,351 SPT1-WBNB tokens. During this entire process, the hacker made a profit of 9,000 WBNB.
  • Finally, the hacker injected the pool tokens obtained in the fourth step above to provide liquidity and then initiated the burn mechanism to obtain a little over 2,643,882 SPARTA and almost 21,555 WBNB.

PeckShield's Post-Mortem

As per a Medium post published by PeckShield, an industry-leading blockchain security company, this incident happened due to flawed logic in calculating the liquidity share when the pool token is burned to withdraw the underlying assets. In particular, the hack “inflates the asset balance of the pool before burning the same amount of pool tokens to claim an unnecessarily large amount of underlying assets.”
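The flaw PeckShield describes can be seen in a small accounting model. This is an added example, not code from Spartan Protocol or PeckShield: the `Pool` class, its method names and all amounts are constructed, and the hardened path (pricing a burn against recorded reserves instead of the live balance) is an assumed remedy for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constructed one-asset model of an LP pool; not Spartan's contract code."""
    reserve: int = 0    # amount the pool's own accounting has recorded
    balance: int = 0    # amount actually held at the pool address
    lp_supply: int = 0  # outstanding pool tokens

    def add_liquidity(self, amount: int) -> int:
        units = amount if self.lp_supply == 0 else amount * self.lp_supply // self.reserve
        self.reserve += amount
        self.balance += amount
        self.lp_supply += units
        return units

    def direct_transfer(self, amount: int) -> None:
        # A plain token transfer to the pool address changes the balance only.
        self.balance += amount

    def surplus(self) -> int:
        # Monitoring invariant: non-zero means unaccounted funds sit in the pool.
        return self.balance - self.reserve

    def burn(self, units: int, hardened: bool) -> int:
        if not 0 < units <= self.lp_supply:
            raise ValueError("invalid pool token amount")
        # Flawed: share of the live balance. Hardened: share of recorded reserves.
        basis = self.reserve if hardened else self.balance
        out = basis * units // self.lp_supply
        if out > self.reserve:
            raise ValueError("payout exceeds recorded reserve")
        self.lp_supply -= units
        self.balance -= out
        self.reserve -= out
        return out

def payout_after_inflation(hardened: bool) -> tuple:
    pool = Pool()
    pool.add_liquidity(1_000)          # another provider's deposit (constructed)
    units = pool.add_liquidity(1_000)  # holder under test owns half the supply
    pool.direct_transfer(1_000)        # balance inflated outside add_liquidity
    flagged = pool.surplus()           # what a balance/reserve monitor would see
    out = pool.burn(units, hardened)
    return out, flagged, pool.reserve  # payout, surplus before burn, reserve left
```

With the flawed basis the half-share burn pays 1,500 against a 1,000 pro-rata claim and leaves only 500 of recorded reserve behind the other provider's 1,000 deposit; with the hardened basis the payout is 1,000 and the surplus stays visible to monitoring.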

As per a PeckShield spokesperson:

“The DeFi protocol developer should self-check the code after the attack. If you don’t understand this, a professional audit agency should be found to conduct audits and research to prevent problems before they happen.”

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
