Bearn.Fi decentralized finance (DeFi) protocol on Binance Smart Chain (BSC) has suffered an over $11 million heist. The team says the hackers stole users’ funds by successfully exploiting a bug in the Bearn.Fi’s BvaultsBank smart contract internal withdraw logic, according to a blog post on May 17, 2021.
Bearn.Fi Looses $11 Million to Hackers
Binance Smart Chain (BSC) based DeFi protocol, Bearn.Fi has been targeted by hackers in an $11 million heist. According to a report by PeckShield Inc., a blockchain security company that claims to be focused on elevating the security, privacy, and usability of the blockchain ecosystem, the attack was launched on May 16, at exactly 10:36 AM +UTC.
The firm says the attacker exploited the BearnFi BvaultsBank smart contract, draining the $11 million in the pool.
‘BearnFi’s BvaultsBank contract was exploited to drain about $11 million of users’ funds from the pool. The incident was due to a bug in its internal withdraw logic in inconsistently reading the same input amount but with different asset denomination between BvaultsBank and the associated strategy BvaultsStrategy.”
Deposits and Withdrawals Halted
In a Twitter thread, the bEarn.Fi team has made it clear that the unfortunate incident is still being investigated, adding that despite the fact that no other bVault has been exploited, it has deemed it fit to temporarily suspend deposits and withdrawals.
“No other bVault has been affected but as a precautionary measure, we have temporarily paused withdrawals and deposits for all bVaults.Users will be able to use bVaults once we have finished with our investigation. We, will stay in touch with the community and release more information as it becomes available,” tweeted BearnFi.
As expected, the incident has put massive fear, uncertainty, and doubt in the hearts of Bearn.Fi users, as several yield farmers have taken to Twitter to ask the team whether refunds will be possible.
“Any chance to get a refund if funds were stolen during the attack?”@Hestya_93086 aksed.
In related news, BTCManager informed on May 1, 2021, that Spartan Protocol suffered a $30 million heist and it’s still unclear whether the victims will get a refund.
Earlier in May, Ethereum-based DeFi protocol, Rari Capital (RGT) lost over $10 million to bad actors via an exploit. However, the project is now making plans to reimburse its users.
At press time, the global DeFi industry has a combined total value locked (TVL) of $142.65 billion, according to data available on Defi Lama.