{"id":43412,"date":"2021-05-30T09:47:24","date_gmt":"2021-05-30T06:47:24","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=43412"},"modified":"2025-08-31T03:32:19","modified_gmt":"2025-08-31T00:32:19","slug":"hacker-stole-6-2-million-from-belt-finance-defi-protocol","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-stole-6-2-million-from-belt-finance-defi-protocol\/","title":{"rendered":"Hacker stole $6.2 million from Belt Finance DeFi protocol"},"content":{"rendered":"<p>A hacker stole $6.2 million from Belt Finance, a DeFi protocol built on the Binance Smart Chain (BSC).<\/p>\n<p><!--more--><\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">1\/8<\/p>\n<p>New weekend \u2014 a new attack on BSC DeFi protocol.<\/p>\n<p>Today $6.2M in BUSD was stolen from Belt Finance in 8 transactions.<\/p>\n<p>Below is what happened\ud83d\udc47 <a href=\\\"https:\/\/t.co\/1URb9sJud0\\\">pic.twitter.com\/1URb9sJud0<\/a><\/p>\n<p>\u2014 Igor Igamberdiev (@FrankResearcher) <a href=\\\"https:\/\/twitter.com\/FrankResearcher\/status\/1398772580602060804?ref_src=twsrc%5Etfw\\\">May 29, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u00abA new weekend \u2014 another attack on a DeFi protocol based on BSC. Today $6.2 million in BUSD was stolen from Belt Finance in eight transactions\u00bb, wrote The Block researcher Igor Igamberdiev.<\/p>\n<\/blockquote>\n<p>According to his observations, the attacker borrowed $385 million in BUSD on PancakeSwap. 
After that, he deposited $10 million into the bEllipsisBUSD strategy.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-conversation=\\\"none\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">2\/8<\/p>\n<p>Each transaction looked like this:<\/p>\n<p>1) Used 8 flash loans on $385M BUSD from PancakeSwap<\/p>\n<p>2) Deposited 10M BUSD in bEllipsisBUSD strategy (only for the first transaction, where it was the \u2018Most Insufficient Strategy\u2019) <a href=\\\"https:\/\/t.co\/JRgDSgub6F\\\">pic.twitter.com\/JRgDSgub6F<\/a><\/p>\n<p>\u2014 Igor Igamberdiev (@FrankResearcher) <a href=\\\"https:\/\/twitter.com\/FrankResearcher\/status\/1398772587572908032?ref_src=twsrc%5Etfw\\\">May 29, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>The hacker deployed $187 million in BUSD to the bVenusBUSD strategy and repeated these steps more than seven times. Then he swapped $190 million in BUSD for $169 million in USDT via Ellipsis.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-conversation=\\\"none\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">3\/8<\/p>\n<p>3) Deposited 187M BUSD to bVenusBUSD strategy (\u2018Most Insufficient Strategy\u2019)<\/p>\n<p>\u2757\ufe0fThe following steps are repeated seven+ times \ud83d\udd04<\/p>\n<p>4) Swapped 190M BUSD to 169M USDT through Ellipsis <a href=\\\"https:\/\/t.co\/HTwrhkuuu6\\\">pic.twitter.com\/HTwrhkuuu6<\/a><\/p>\n<p>\u2014 Igor Igamberdiev (@FrankResearcher) <a href=\\\"https:\/\/twitter.com\/FrankResearcher\/status\/1398772593184940032?ref_src=twsrc%5Etfw\\\">May 29, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>After that, the attacker withdrew more BUSD from the bVenusBUSD strategy and swapped $169 million in USDT for $189 million in BUSD, using Ellipsis. 
Then he deposited BUSD into the bVenusBUSD strategy.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-conversation=\\\"none\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">4\/8<\/p>\n<p>5) Withdrew more BUSD from bVenusBUSD strategy (\u2018Most Overlooked Strategy\u2019)<\/p>\n<p>6) Swapped 169M USDT to 189M BUSD through Ellipsis<\/p>\n<p>7) Deposited BUSD to bVenusBUSD strategy (\u2018Most Insufficient Strategy\u2019) <a href=\\\"https:\/\/t.co\/LQXbo1S42N\\\">pic.twitter.com\/LQXbo1S42N<\/a><\/p>\n<p>\u2014 Igor Igamberdiev (@FrankResearcher) <a href=\\\"https:\/\/twitter.com\/FrankResearcher\/status\/1398772601707798528?ref_src=twsrc%5Etfw\\\">May 29, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>In the end, the hacker repaid the flash loans and withdrew the profit.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-conversation=\\\"none\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">5\/8<\/p>\n<p>\u2757\ufe0fEnd of repetition \ud83d\udd04<\/p>\n<p>8) Repaid flash loans and withdrew profit <a href=\\\"https:\/\/t.co\/sPODKgppOc\\\">pic.twitter.com\/sPODKgppOc<\/a><\/p>\n<p>\u2014 Igor Igamberdiev (@FrankResearcher) <a href=\\\"https:\/\/twitter.com\/FrankResearcher\/status\/1398772607101636616?ref_src=twsrc%5Etfw\\\">May 29, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>Igamberdiev explained that beltUSD price depends on the sum of the balances across all strategies on the platform. 
Therefore, manipulating these strategies means the ability to influence Belt Finance&#8217;s asset price.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-conversation=\\\"none\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">7\/8<\/p>\n<p>However, if there is a way to manipulate other strategies, it is possible to manipulate the beltBUSD price.<\/p>\n<p>Apparently, by buying and selling BUSD, the attacker manipulated this price with a bug in the bEllipsisBUSD strategy balance calculations. <a href=\\\"https:\/\/t.co\/WyMLWDChJ9\\\">pic.twitter.com\/WyMLWDChJ9<\/a><\/p>\n<p>\u2014 Igor Igamberdiev (@FrankResearcher) <a href=\\\"https:\/\/twitter.com\/FrankResearcher\/status\/1398772619437092865?ref_src=twsrc%5Etfw\\\">May 29, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u00abIt seems that by buying and selling BUSD the attacker manipulated its price, using a bug in the balance calculations of the bEllipsisBUSD strategy\u00bb.<\/p>\n<\/blockquote>\n<blockquote class=\\\"twitter-tweet\\\" data-conversation=\\\"none\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">8\/8<\/p>\n<p>All stolen BUSD was converted to 2680 anyETH ($6M) via 1inch v3 and partially withdrawn to Ethereum.<\/p>\n<p>1463 ETH has not left the cross-chain bridge at the moment. 
<a href=\\\"https:\/\/t.co\/3luhDoLTFc\\\">pic.twitter.com\/3luhDoLTFc<\/a><\/p>\n<p>\u2014 Igor Igamberdiev (@FrankResearcher) <a href=\\\"https:\/\/twitter.com\/FrankResearcher\/status\/1398772626164797445?ref_src=twsrc%5Etfw\\\">May 29, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u00abAll stolen BUSD were converted on 1inch v3 into 2680 anyETH worth $6 million. Part of the funds moved to Ethereum. At the moment, 1463 ETH have not left the cross-chain bridge\u00bb, noted Igamberdiev.<\/p>\n<\/blockquote>\n<p>Representatives of Belt Finance said they are investigating the incident and preparing a compensation plan. The withdrawal of assets from the BSC vaults is paused until the smart-contract update.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">Partial funds of our 4Belt pool have been affected. (Accurate amount will be announced soon).<br \/>We are now analysing and fixing our contract for safety.<br \/>Compensation plan and accident report will be up soon.<br \/>Withdraw of BSC vaults will be paused until contract upgrade is complete<\/p>\n<p>\u2014 Belt Finance (@BELT_Finance) <a href=\\\"https:\/\/twitter.com\/BELT_Finance\/status\/1398804120731979776?ref_src=twsrc%5Etfw\\\">May 30, 2021<\/a><\/p><\/blockquote>\n<p>The BELT token price over the last 24 hours fell by 27.6%, according to <a href=\\\"https:\/\/www.coingecko.com\/en\/coins\/belt\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener\\\">CoinGecko<\/a>. 
The Belt Finance platform ranks second in the Defistation index, which measures the value of assets engaged in the protocols.<\/p>\n<figure class=\\\"wp-block-image size-large\\\"><img loading=\\\"lazy\\\" decoding=\\\"async\\\" width=\\\"1024\\\" height=\\\"814\\\" src=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/Defistation-6-1024x814.png\\\" alt=\\\"Hacker stole $6.2 million from DeFi protocol Belt Finance\\\" class=\\\"wp-image-137091\\\" srcset=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/Defistation-6-1024x814.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/Defistation-6-300x239.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Defistation-6-768x611.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/Defistation-6.png 1049w\\\" sizes=\\\"auto, (max-width: 1024px) 100vw, 1024px\\\" \/><figcaption>Data: <a href=\\\"https:\/\/www.defistation.io\/\\\">Defistation<\/a>.<\/figcaption><\/figure>\n<p>Earlier, ForkLog <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-crashes-pancakebunny-token-price\">reported<\/a> that the hacker drove the price of the PancakeBunny token down by 80%. 
To manipulate prices in the USDT\/BNB and BUNNY\/BNB pairs, he borrowed funds on PancakeSwap.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The hacker stole $6.2 million from Belt Finance, a DeFi protocol built on the Binance Smart Chain DeFi ecosystem.<\/p>\n","protected":false},"author":1,"featured_media":43413,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1307,1154,1093],"class_list":["post-43412","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bnb-chain","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"31","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/43412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=43412"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/43412\/revisions"}],"predecessor-version":[{"id":43414,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/43412\/revisions\/43414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/43413"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=434
12"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=43412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=43412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}