On Wednesday, the 16th of June, the native tokens of KetchupSwap, Lokum, YBear, Piggy, CaramelSwap, GoCerberus, and Garuda all dropped to $0. Hackers managed to exploit these DeFi protocols, all of which were created using the same system.
Hackers Stole $10 Million Worth of Tokens
The exact value that hackers stole is still unclear. However, hackers may have gotten away with an amount equal to the market cap of these projects. The market value of the GARUDA token is around $2 million, while CERBERUS is nearly $4 million. Counting the other farms as well, the exploits could be worth $10 million.
The exploits affect only the native tokens of these Binance projects, allowing hackers to inflate their rewards on a large scale and then dump the excess tokens on the market. It is important to note that non-native tokens such as CAKE or BNB are not affected by the exploits.
How It Happened
Most of the yield farms on Binance Smart Chain use MasterChef contracts to distribute rewards. The contract was designed to distribute rewards for liquidity pool tokens, but all of these farms also use the MasterChef contract to receive other types of rewards. One of the latest trends in DeFi is charging a fee on every transaction on the platform.
Ultimately, this gives hackers an opening to exploit the contract. Since the MasterChef contract was never designed to compare user balances with mining pool balances, users can generate so many tokens in one harvest that they can immediately empty the mining pool. Basically, even if there is only one token in the pool, hackers can generate thousands of tokens. This is what happened to GarudaSwap, Cerberus, KetchupSwap, and all the others.
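The accounting gap described above, modelled in Python as an added example (it is not code from any of the affected projects). It assumes a token that deducts a fee on every transfer and a MasterChef-style pool that divides rewards by its real token balance; the 5% fee, the names and the amounts are constructed.

```python
from dataclasses import dataclass, field

FEE_BPS = 500  # constructed value: the token deducts 5% on every transfer


def received_after_fee(amount: int) -> int:
    """Tokens that actually arrive when `amount` is sent."""
    return amount - amount * FEE_BPS // 10_000


@dataclass
class Pool:
    """Simplified staking ledger for one pool (a model, not a real contract)."""
    credit_received: bool  # False = credit requested amount, True = credit balance delta
    balance: int = 0       # tokens the pool really holds
    staked: dict = field(default_factory=dict)  # stake credited to each user

    def deposit(self, user: str, amount: int) -> None:
        before = self.balance
        self.balance += received_after_fee(amount)  # fee is lost in transit
        credited = self.balance - before if self.credit_received else amount
        self.staked[user] = self.staked.get(user, 0) + credited

    def withdraw(self, user: str, amount: int) -> None:
        if amount > self.staked.get(user, 0) or amount > self.balance:
            raise ValueError("withdrawal exceeds stake or pool balance")
        self.staked[user] -= amount
        self.balance -= amount  # pool pays out the full credited amount

    def solvent(self) -> bool:
        """Invariant: stake credited to users never exceeds tokens actually held."""
        return sum(self.staked.values()) <= self.balance

    def reward(self, user: str, emitted: int) -> int:
        """User's cut of `emitted` reward tokens, divided by the real balance (assumed)."""
        return emitted * self.staked.get(user, 0) // self.balance


def scenario(credit_received: bool) -> tuple:
    """Two users stake 1,000 each, one leaves, 100 reward tokens are emitted."""
    pool = Pool(credit_received)
    pool.deposit("alice", 1_000)
    pool.deposit("bob", 1_000)
    pool.withdraw("bob", pool.staked["bob"])
    return pool.solvent(), pool.reward("alice", 100)


if __name__ == "__main__":
    print("requested-amount accounting:", scenario(False))
    print("balance-delta accounting:   ", scenario(True))
```

With requested-amount accounting the invariant fails and the remaining staker is paid 111 tokens for 100 emitted; crediting the balance delta keeps credited stakes and the pool balance in step.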
The Solution to the Problem
Cerberus and Garuda initiated the Thoreum Finance project, which introduced improved smart contracts. Users who own one of these tokens will be compensated. The team plans to launch a new platform that will use a snapshot taken prior to the exploit to determine how many tokens each person held. However, Thoreum Finance will not be creating an emergency plan this week.
Project leader ZeusThunder wrote in a statement:
“We know that this should happen soon so we are talking with a professional team to do this service for us. But this will take time because it is complicated, so please be patient with us!”