DeFi hacks are becoming common as the market becomes increasingly lucrative. The latest to be attacked is Impossible Finance, a DeFi protocol that runs on the Binance Smart Chain.
The hack took place today at 4:40 AM UTC and was in the form of a flash loan attack. It was successful, and $500k worth of Ethereum was stolen. According to Sushi swap developer Mudit Gupta, this is the same kind of attack that was applied during the recent BurgerSwap attack, where $7.2 million was lost.
From his analysis of the situation, Gupta has concluded that the team behind Impossible Finance was either incompetent or had planned it in what is commonly known as a rug pool.
A flash loan attack is a situation where a hacker accesses a loan without offering any collateral. They then engage in a series of tricks to cover their tracks until their mission is complete.
In the case of Impossible Finance, the attacker exploited a weakness in the pool’s smart contract and carried out multiple swaps of the protocol’s native token for BUSD. They then swapped to BNB to pay the flash loan.
According to Watch Plug, a crypto-security company, there was something unusual about these swaps. That’s because they were done simultaneously and were completed at the same price. Ordinarily, this should not be the case, as slippage is a factor when swapping tokens.
Despite suspicions being directed at the Impossible Finance team, they have taken to Telegram to reassure investors that they would be compensated for the lost funds.