BetterBank, a Web3 protocol, was exploited for up to $5M based on recent estimations. The protocol lost from unauthorized bonus minting, based on user-generated liquidity pairs.
BetterBank, a Web3 protocol promising DeFi banking, was exploited for an estimated $1M to $5M. The losses came from unauthorized reward minting, based on rogue liquidity pairs.
BetterBank first noticed unauthorized minting and withdrawals in the past day, sparking speculations as to the source of losses.
BetterBank to relaunch reward smart contract
The protocol team was active in handling the attack and ended up compensating losses through its reserves. BetterBank also plans to relaunch its reward program for LPs with a new token airdrop and a new smart contract.
BetterBank originally awarded bonuses for providing liquidity for the FAVOR token. However, investigation showed the liquidity pairs were untracked, and users could create a FAVOR pair against any token, even worthless newly created assets.
Despite the rogue pairs, the exploiter still received ESTEEM tokens, managing to mint a significant amount. BetterBank claimed the contract used to issue rewards was audited, but there was no vetting of the quality of FAVOR liquidity providers. On-chain investigation also showed the rogue minting managed to avoid the tax on bulk-minting rewards, by using external liquidity pairs.
BetterBank was built on PulseChain, using niche stablecoins for its liquidity. The attacker holds a remaining amount of 700K pDAI, still requiring bridging to make the tokens usable. The project team reached out to the hacker by messaging the exploit address, but did not receive an answer or a white hat proposal.
BetterBank was exploited at its peak
BetterBank was among the top 5 DeFi protocols on PulseChain. Recently, the project announced $30M in total value locked. Despite the hype, PulseChain invited skeptics, mostly due to the chain’s volatile asset.
Following the exploit, BetterBank is down to $7.96M in total liquidity, with weeks to repair smart contracts and reputational damage. The protocol also carries $10.31M in borrowed liquidity.
Pulse Chain also recently saw growth in its DeFi sector, recovering its liquidity above $300M. Pulse Chain was also affected, as Pulse and PulseX tokens were also part of the exploit. As a result of the hack, the PulseX token fell by over 15%.
PulseX fell by over 15% following the BetterBank exploit. | Source: CoinGecko.The recent exploit was part of a series of attempts against relatively small DeFi apps. Targeting niche tokens makes it more difficult for hackers to swap and mix their funds. However, in the case of BetterBank, the contract contained low-hanging fruit for generating low-value liquidity, inviting hackers to drain the protocol. Based on a previous Cryptopolitan report, hackers often target swap or bridge contracts for the ability to generate or withdraw unauthorized liquidity.
Overall, the reputation and market price losses were much higher compared to the final haul of the hacker, even if the attacker managed to liquidate the stolen stablecoins.
The hacker still managed to move 215 ETH stored on the Ethereum chain, making it easier for the funds to be mixed or swapped.
KEY Difference Wire: the secret tool crypto projects use to get guaranteed media coverage
Source: https://www.cryptopolitan.com/betterbank-exploited-5m-rogue-bonus-attack/
