While one may have thought that hackers were done with flash loan attacks or DeFi projects have moved to evaluate their codebases, it appears the opposite is the case, and malicious attacks are still very much active in the scenes.
Binance Smart Chain project “Impossible Finance” is the latest DeFi protocol to suffer a flash loan exploit. According to posts on the multi-chain incubator project’s social media feeds on Monday, Impossible Finance lost around 230 ETH in a flash loan attack on its liquidity pool.
A copycat attacker?
Mudit Gupta, a core developer with SushiSwap, explained that the exploit appears to be similar to that of BurgerSwap in late May. As reported by BTC PEERS, the attacker managed to steal over $7 million from the protocol back then.
Meanwhile, security firm WatchPug revealed that the hacker executed several swaps in a row within the same price range. This vulnerability in the pool’s smart contract allowed the attacker to drain the liquidity pool, an act that would have otherwise been impossible due to slippage.
As expected, the price of the project’s token crashed following the news. However, the Impossible Finance team said on Telegram that an insurance fund has been earmarked to compensate liquidity providers.
We have also prepared an insurance fund to ensure that your funds are safe and remain our number one priority. All users funds who deposited into liquidity pools (“LPs”) PRIOR to the attack will be 100% compensated.