{"id":41725,"date":"2021-05-02T13:22:43","date_gmt":"2021-05-02T10:22:43","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=41725"},"modified":"2025-08-30T20:03:39","modified_gmt":"2025-08-30T17:03:39","slug":"hacker-drains-30-million-in-spartan-protocol-tokens-from-defi-protocol","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-drains-30-million-in-spartan-protocol-tokens-from-defi-protocol\/","title":{"rendered":"Hacker drains $30 million in Spartan Protocol tokens from DeFi protocol"},"content":{"rendered":"<p>An attacker targeted the Binance Smart Chain (BSC)-based decentralized finance project Spartan Protocol and drained about $30 million from its liquidity pools.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">What we know so far \u2014<br \/>*Attacker used $61m in BNB to overcome the pools via a as yet unknown economic exploit path to remove roughly $30m in funds from the pools.<\/p>\n<p>Reach out if you can help identify and analyse the exploit.<a href=\"https:\/\/t.co\/aNTvdzKOeF\">https:\/\/t.co\/aNTvdzKOeF<\/a><\/p>\n<p>CC <a href=\"https:\/\/twitter.com\/RektHQ?ref_src=twsrc%5Etfw\">@RektHQ<\/a> <a href=\"https:\/\/twitter.com\/samczsun?ref_src=twsrc%5Etfw\">@samczsun<\/a> <a href=\"https:\/\/twitter.com\/bneiluj?ref_src=twsrc%5Etfw\">@bneiluj<\/a><\/p>\n<p>\u2014 Spartan Protocol (@SpartanProtocol) <a href=\"https:\/\/twitter.com\/SpartanProtocol\/status\/1388669192228929539?ref_src=twsrc%5Etfw\">May 2, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>An attacker targeted the Binance Smart Chain (BSC)-based DeFi project Spartan Protocol and drained about $30 million from its liquidity pools.<\/p>\n<p>Spartan Protocol also said that they are attempting to recover the withdrawn funds and have reached out to Binance.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">What happens now?<br \/>1) Understand the bug<br \/>2) Try and get remaining funds back to members involved<br \/>3) Work with Binance on recovery of stolen funds<br \/>4) Get back to shipping V2<\/p>\n<p>\u2014 Spartan Protocol (@SpartanProtocol) <a href=\"https:\/\/twitter.com\/SpartanProtocol\/status\/1388654212024705024?ref_src=twsrc%5Etfw\">May 2, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Analysts at PeckShield disclosed the attack mechanism, finding that the attacker exploited a vulnerability in how the protocol determines liquidity shares. The hacker inflated the pool balance before burning tokens in it to withdraw an excessive amount of base assets.<\/p>\n<p>For the attack, he borrowed a flash loan on the PancakeSwap protocol of 100 000 BNB, which he then repaid, paying a fee of 260 BNB.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Detailed analysis of the bug in Spartan Protocol v1.<\/p>\n<p>Where to now?<\/p>\n<p>Community fund a <a href=\"https:\/\/t.co\/mfghq1UJjH\">https:\/\/t.co\/mfghq1UJjH<\/a> for Spartan Protocol v2.<\/p>\n<p>Rebuild the shield wall.<a href=\"https:\/\/t.co\/s11s9rWTtA\">https:\/\/t.co\/s11s9rWTtA<\/a><\/p>\n<p>\u2014 Spartan Protocol (@SpartanProtocol) <a href=\"https:\/\/twitter.com\/SpartanProtocol\/status\/1388789870051528704?ref_src=twsrc%5Etfw\">May 2, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to <a href=\"https:\/\/www.coingecko.com\/en\/coins\/spartan-protocol-token\" target=\"_blank\" rel=\"noreferrer noopener\">CoinGecko<\/a>, the Spartan Protocol token (SPARTA) price, which had reached $1.71 on May 1, briefly fell to $1. As of writing, the quotes are around $1.15.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"579\" height=\"374\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Spartan-Protocol-Token-price-SPARTA-price-index-chart-and-info-CoinGecko-Google-Chrome.jpg\" alt=\"\u0425\u0430\u043a\u0435\u0440 \u0432\u044b\u0432\u0435\u043b \u0438\u0437 DeFi-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 Spartan \u0442\u043e\u043a\u0435\u043d\u044b \u043d\u0430 $30 \u043c\u043b\u043d\" class=\"wp-image-133506\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/Spartan-Protocol-Token-price-SPARTA-price-index-chart-and-info-CoinGecko-Google-Chrome.jpg 579w, https:\/\/u1f987.com\/wp-content\/uploads\/Spartan-Protocol-Token-price-SPARTA-price-index-chart-and-info-CoinGecko-Google-Chrome-300x194.jpg 300w\" sizes=\"auto, (max-width: 579px) 100vw, 579px\" \/><figcaption>Data: CoinGecko.<\/figcaption><\/figure>\n<p><span class=\"old_tooltip\" data-descr=\"In January, an unknown party exploited a vulnerability in the Iron Bank DeFi protocol and withdrew tokens <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-drains-37-5-million-from-cream-finance-defi-protocol\">totaling $37.5 million<\/a>.&#8221;><\/span><\/p>\n<p>In January, an unknown party exploited a vulnerability in the Iron Bank DeFi protocol and withdrew tokens <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-drains-37-5-million-from-cream-finance-defi-protocol\">totaling $37.5 million<\/a>.<\/p>\n<p>In April, the lending protocol EasyFi <a href=\"https:\/\/u1f987.com\/en\/news\/defi-project-easyfi-loses-6-million-in-hack\">lost $6 million<\/a> as a result of an attack, in which hackers gained remote access to the founder and CEO Ankitta Gaura&#8217;s computer and MetaMask wallet.<\/p>\n<p>Subscribe to ForkLog news on <a href=\"https:\/\/vk.com\/forklogcom\" target=\"_blank\" rel=\"nofollow noopener\">VK<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An attacker targeted the Binance Smart Chain (BSC)-based DeFi project Spartan Protocol and drained about $30 million from its liquidity pools.<\/p>\n","protected":false},"author":1,"featured_media":41726,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,1154,1093],"class_list":["post-41725","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"28","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/41725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=41725"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/41725\/revisions"}],"predecessor-version":[{"id":41727,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/41725\/revisions\/41727"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/41726"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=41725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=41725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=41725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}