bEarn Fi Loses $11M in Latest Exploit of a Binance Smart Chain DeFi Protocol

Screen-Shot-2021-05-16-at-10.52.53
16 May 2021

bEarn Fi, a cross-chain auto yield farming protocol, was exploited earlier Sunday EST, resulting in a loss of near $11 million, according to China-based blockchain analysis firm PeckShield.

  • It's the latest attack on decentralized finance protocols built on Binance Smart Chain, one of the so-called Ethereum killers that's built by centralized crypto exchange giant Binance.
  • "Dear community, we are aware that users' deposit in BUSD have increased significantly," bEarn Fi's official Twitter account wrote at around 9:31 a.m. EST Sunday, May 16. "Please be advised that we are currently investigating the Alpaca Vault incident. No other bVault has been affected but we have taken a precautionary measure and temporarily paused withdrawals and deposits for all bVaults."
  • A spokesperson from PeckShield told CoinDesk in a WeChat message that they are still investigating the cause of the attack but the attack on bEarn Fi resulted in losses of near $11 million.
  • On bEarn Fi's Telegram group, users have been asking bEarn Fi's team members since early Sunday morning EST about whether something went wrong with the Binance USD (BUSD) vault on bEarn Fi.
  • "Is there a BUSD vault problem?" one user asked at 7:11 AM EST. "It's increasing so much that it's impossible."
  • "We are working on it," one team member of bEarn Fi wrote, in response to users' multiple requests on whether their funds are safe.
  • Earlier in May, another BSC-based defi protocol, Spartan Protocol, was attacked with a loss of more than $30 million.
Disclosure
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.