Spartan Protocol, a liquidity platform for synthetic assets on the Binance Smart Chain, was drained of $30 million in a coordinated attack on its liquidity pool late Saturday.
The exploit targeted a “flawed liquidity share calculation” in the SPARTA/WBNB liquidity pool, which enabled the attacker to withdraw the funds, blockchain security company PeckShield explained. The security expert continued:
“In particular, the specific hack inflates the asset balance of the pool before burning the same amount of pool tokens to claim an unnecessarily large amount of underlying assets. The consequence of this attack results in more than $30M loss from the affected pool.”
The nuts and bolts of the attack center around the manipulation of flash loans, which were used to inflate the balance of the pool before burning an equivalent amount of pool tokens.
Spartan Protocol tweeted about the exploit late Saturday, explaining that the “Attacker used $61m in BNB to overcome the pools via […] as yet unknown economic exploit path