$30M Flash Loan Attack
The Intelligent Insurer #15 – $30 million drained from Spartan DeFi liquidity pool highlights risks in the growing industry
Spartan DeFi, a decentralized finance (DeFi) protocol on the Binance Smart Chain, has suffered a loss of $30 million after a flash loan attack. The attack, which occurred on May 1st, was reported to be the result of a flawed liquidity share calculation in the protocol.
Flash loan protocols have been prone to numerous attacks since 2020. Some believe these attacks are early problems that will evaporate as the technology matures. However, the majority believe that it is a challenge that will persist, similar to how financial institutions need to be constantly wary of their cybersecurity.
In the latest Intelligent Insurer, we highlight the recent attack on Spartan DeFi, detailing the challenges of flash loans in general. We also propose how users can ensure asset protection, especially in a nascent industry that is exposed to various attack vectors.
Spartan DeFi Attack Details
Flash loans allow strangers to access credit without collateral. It is a blockchain-specific DeFi innovation. The condition for executing such loans is that the entire process is performed within a single block on the underlying blockchain. If the principal of the loan is not returned within the same block, the transaction is excluded from the block. Hence, the timeframe from borrowing to payback is usually very swift, and is processed via smart contracts.
In the Spartan exploit, things happened very quickly as a hacker inflated the asset balance in a liquidity pool before burning the same amount of pool tokens. This permitted the hacker to claim a large amount of the underlying assets, resulting in a loss of over $30 million from the affected pool. The Spartan DeFi exploit is the latest of a long list of attacks on DeFi protocols since 2020.
A Series of Flash Loan Attacks
Some of the protocols that have suffered flash loan attacks since 2020 include bZx, Balancer, Eminence Finance, Harvest Finance, and others. bZx has suffered multiple attacks on different occasions. In November 2020, Value DeFi also suffered a flash loan attack that cost the platform over $6 million in value.
Apart from these exploits, flash loans still offer a lot of utility to those in the DeFi market. Flash loans enable market makers, leveraged traders, and arbitrageurs to quickly access liquidity. Such liquidity could be used to meet a margin call or capitalize on an arbitrage opportunity.
DeFi Not Slowing Down
Despite the repeated attacks on DeFi platforms, the rate of adoption has not slowed down. Recent research from VYSYN Ventures has highlighted that the DeFi ecosystem has a growing number of active users, more protocols, and deeper liquidity. The Total Value Locked (TVL) in DeFi lending recently reached an all-time high (ATH) of $39.23 billion. At the time of writing the TVL was $38.62 billion.
(Source: Defipulse.com)
As DeFi continues to grow, investors and participants will be exposed to a wide variety of risks. Bugs and security lapses are a part of fast-paced innovation. For DeFi participants, this means a higher risk of smart contract exploits and rug pulls.
Digital asset insurance solutions are one option to manage such risk. However, few offer insurance for a broad array of potential attacks. Insured Finance is lining up to be the most comprehensive digital asset insurance platform by enabling users to secure tailored insurance through their marketplace.
About Insured Finance
Insured Finance is a decentralized, peer-to-peer insurance marketplace. Built on the Polkadot blockchain, Insured Finance users can request customized insurance on a wide variety of digital assets. Those that fulfill requests earn premiums and can earn a competitive return on their capital. Claims are fully collateralized and settled instantly.