Spartan Protocol reportedly loses $30 million to a hacker. The Binance Smart Chain-based protocol was exploited due to loopholes in its launch pool.
According to a report from PeckShield, the hacker exploited the Spartan protocol on the 1st of May. The hacker capitalized on the erroneous liquidity share calculation on the Spartan protocol. This error was a result of carelessness or inexperience on the part of the Spartan developers’ team.
The hack on the pool led to an altered asset balance of liquidity shares. The hacker was able to inflate the LP balance and claim a huge sum of pool tokens that were burned. The sum claimed during the exploit amounted to $30 million.
Analyzing the Spartan Exploitation
According to The Rekt Blog, a blog famous for breaking down exploitation data, the recent Spartan exploitation is the sixth highest in the DeFi space. The Rekt Blog also went further to warn all in the smart chain space about possible attacks that may occur due to loopholes in smart contracts.
Rekt also analyzed the Spartan hack and discovered that a flash loan was taken from Pancakeswap. The attacker borrowed a huge sum of wrapped BNB which was meant to be returned with interest and then swapped the wBNB to SPARTA token repeatedly. This process made it possible for the hacker to inflate the pool’s balance.
To make it possible for the liquidity assets to be withdrawn, the tokens were burnt and the hacker repeated the process continuously to pay up the wBNB loan that was taken. Upon repayment of the loan, the hacker had access to the assets in the liquidity pool.
Rekt also discovered that the attacker swapped all stolen tokens to BTCB on 1inch exchange and eventually swapped the BTCB on Nerve Finance. The stolen assets were finally withdrawn from Nerve Finance.
In recent times, the blockchain and smart contract space has experienced a lot of attackers. Many were successful due to the weak codes set up by the project’s blockchain developers. The SPARTAN attack should serve as an eye-opener for other protocols, especially BSC-based protocols to strengthen their backend to avoid exploitations in the near future.