Valdez, a Binance Smart Chain based De-Fi protocol, has become the latest protocol on BSC to face exploit as scammers exploited its automated market maker (AMM) known as vSwap to steal $11 million worth of crypto assets from non 50/50 pools. This is the second exploit on the De-Fi Value within a week as they lost another $6 million due to contract reinitialization.
A total of 9 out of the 16 pools were exploited by the scammers and stole the following amounts of different digital assets in the exploited pools,
- BNB – 2.7k
- FARM – 1.7k
- BASv2 – 8.5m
- BDO – 68.3k
- BUSD – 41.4k
- MDG – 945k
- VBOND – 1.2m
- BAC – 11k FIRO
The attackers exploited the Bancor formula where they sent a small amount of a second token to pair addresses and then swapped it for the digital asset in which they wanted to withdraw a small amount of the first token and a lot of the second token. Since Uniswap doesn’t accept pools with a non 50/50 asset ratio, ValueDefi was making use of the Bancor formula.
Because of incorrect use of the Bancor formula, pair contracts consider a swap to be successful The attacker swaps the first tokens for the second in the same pool and repeats this operation until the exploit allows it.
BSC Based Defi Protocol Exploitation on the Rise Amid Surging Popularity
Binance Smart Chain (BSC) has grown in leap and bounds this bull season with hundreds of new Defi projects choosing BSC over ETH, and even the older ones have created cross-chain support. The growing popularity can be understood from the fact that the total value locked in Defi on BSC has crossed the $45 billion mark compared to the TVL of Defi on ETH is just over $60 billion. However, the centralized nature of the chain makes it a primary target for scammers and multiple protocols have faced an exploitation over the past couple of months.
Many have also accused the Binance team responsible for approving project listing of not doing a thorough analysis of the projects and giving a simple pass for BSC-based listings.
