Belt Finance Loses $6.23M in Another Exploit of a Binance Smart Chain DeFi Protocol

Belt Finance, a platform that provides automated market making for decentralized finance (DeFi), was hacked Saturday in a flash loan attack that resulted in the loss of $6.23 million.

• It's the latest attack on a DeFi protocol built on Binance Smart Chain, one of the so-called Ethereum killers that's built by centralized crypto exchange giant Binance.
• In a blog post, Belt Finance said the attacker created a smart contract that used PancakeSwap for flash loans and exploited its beltBUSD pool and its strategy protocols and then proceeded to execute the contract eight times for a total profit of 6,234,753 BUSD (US $6.23 million).
• beltBUSD vault users suffered a 21.36% loss of funds, while 4Belt pool users lost 5.51%, the protocol said. No other pools/vaults were affected.
• The protocol said it paused withdrawals and deposits as soon as it were aware of the attack and that the vulnerability that allowed the attack to occur has been patched.
• In its blog post dated yesterday, Belt Finance said withdrawals and deposits would resume sometime in the next 24 to 48 hours and that it's working on a "compensation plan" that will be released in next 48 hours.