ValueDefi, a Binance Smart Chain based Defi protocol has become the latest protocol on BSC to face exploit as scammers managed to exploit its automated market maker (AMM) known as vSwap to steal $11 million worth of crypto assets from non 50/50 pools. This is the second exploit on the ValueDefi within a week as another $6 million were lost due to contract reinitialization.
A total of 9 out of the 16 pools were exploited by the scammers and stole the following amounts of different digital assets in the exploited pools,15k BNB – 2.7kFARM – 1.7kBASv2 – 8.5MBDO – 68.3kBUSD – 41.4kMDG – 945kVBOND – 1.2MBAC – 11k FIROThe attackers managed to exploit the Bancor formula where they sent a small amount of a second token to pair addresses and then swapped it for the digital asset in which they wanted to withdraw a small amount of the first token and a lot of the second token. Since Uniswap doesn’t accept pools with a non 50/50 asset ratio, ValueDefi was making use of the Bancor formula.
Due to incorrect use of the Bancor formula, pair contracts consider a swap to be successful The attacker swaps the first tokens for the second in the same pool and repeats this operation until the exploit allows it.BSC Based Defi Protocol Exploitation on the Rise Amid Surging PopularityBinance Smart Chain (BSC) has grown in leap and bounds this bull season with hundreds of new Defi projects choosing BSC over ETH, and even the older ones have created cross-chain support. The growing popularity can be understood from the fact that the total value locked in Defi on BSC has crossed the $45 billion mark in comparison to the TVL of Defi on ETH is just over $60 billion. However, the centralized nature of the chain makes it a primary target for scammers and multiple protocols have faced some form of exploitation over the past couple of months.Many have also accused the Binance team responsible for approving project listing of not doing a thorough analysis of the projects and giving an easy pass for BSC-based listings.