Main navigation

Impossible Finance DeFi Drained For $500K, Here’s How

News
Mon, 06/21/2021 - 13:07
article image
Vladislav Sopov
Another day, another large-scale attack against popular DeFi protocol
Impossible Finance DeFi Drained For $500K, Here’s How
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Contents

Today, on June 21, 2021, an Impossible Finance (IF) decentralized financial protocol faced an attack that resulted in six-digit losses. According to the analysts, the design of hack may not be novel at all.

Impossible Finance (IF) protocol suffers devastating attack

Mr. Mudit Gupta, core developers of SushiSwap (SUSHI) decentralized exchange, has reported that Impossible Finance protocol has been targeted by an attack. Malefactors issued fake token and launched the liquidity pool with it.

Impossible finance got exploited today for $500k.https://t.co/mzCPRluOjn

Same exploit as the burger swap one:https://t.co/3PkVtn7Hi7

If the original project gets hacked, why don't the forks react?

— Mudit Gupta (@Mudit__Gupta) June 21, 2021

Despite that Impossible Finance (IF) isn’t a fork of BurgerSwap (BURGER) DeFi, the designs of two attacks look similar for the analysts.

Ex-Binance Research's Calvin Chu, developer at Impossible Finance, claimed that the scenario of the attack wasn’t ‘simple’ and his team is working on a solution to mitigate the ongoing issues.

Net amount of funds stolen is estimated at almost 230 Ethers or more than $500,000 at the time of attack.

One scenario, many hacks

WatchPug team tasked with the smart contract security issues in DeFi segment, shared the details of the attack design. According to them, the hackers created a liquidity pool with a fake token AAA (BBB).

Then, with the assistance of Impossible Finance router through the FAKE token liquidity pool, the attackers swapped IF tokens to BUSD stablecoins multiple times.

Initial liquidity required for the attack  - 233 Binance Coins (BNB) – had been borrowed as a ‘flash loan’ on PancakeSwap, the most popular DeFi on Binance Smart Chain.

It is the vulnerability of a liquidity pool contract that make the entire hack possible, add WatchPug experts.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (Swap.online, Monoreto, Attic Lab etc.)