After this incident, users now must ask themselves; how many more protocols are at risk? At around 9 am UTC on March 4, 2021, Meerkat, one decentralized finance (DeFi) protocol on Binance’s smart contract platform, lost about $31 million worth of BNB tokens.
While the team originally claimed that they had been the victim of a significant exploit, they have since deleted all social channels. As a result of the nature of this exploit, some people think that the team liquidated and pilfered user funds, which is a kind of scam that is colloquially known as ‘rugpull.’
Meerkat is a fork of the Ethereum-native yield vault protocol Yearn Finance and it was barely hours old when the attack drained its vaults. Notably, the on-chain transactions indicate that an address upgraded the Meerkat deployer contract. Then, it granted the address permission to liquidate all vault holdings. For now, users have taken to Binance community channels to report all their losses.
At the time of writing, Binance has released no official statement about this matter. Given BSC’s centralized nature and absence of a privacy-preserving “mixer” tool similar to Tornado Cash on this chain, some of the users are now hopeful that Binance can track down the responsible criminals and step in to mitigate the effects of the hack.
Team's claiming it was a "hack" but the TXs don't lead to that conclusion.
Dev I talked to who looked at it said this should be catchable by @binance due to the sheer size, 13m+, no dex that can handle BEP has enough LIQ for that. https://t.co/tg8npVZcBi
— Pen (@Crypto_Pen) March 4, 2021
Nonetheless, Binance is yet to intervene in BSC traffic in such a manner, despite considerable goading in the form of a racist yield farming project released in the past week. Rugpull or exploit, there is a continuing cause for alarm for BSC users.
In the past week Yeld, an Ethereum-native yield vault project, was siphoned off all funds from their DAI stablecoin vault. In their since-deleted blog post, the team warned that the exploit was the result of a problem in the code that they had forked from Yearn. Since that time, the Yearn team has patched that flaw. Many of the other forked projects may be similarly compromised by such a flaw.
While forking is a common occurrence in the Ethereum DeFi sector, Binance Smart Chain has elevated it to become an art. A majority of the staple Ethereum dapps and also art projects have an exact Binance replica. This means that previous attack strategies that have affected the DeFi summer might have been reopened on the increasingly-popular chain.
Apart from the centralization and forking risks, the aura of cheap BSC transactions has nevertheless been quite potent for most Ethereum developers to resist. Many teams, including Sushiswap, Harvest Finance, 1inch, and Value DeFi have announced their implementations on the chain.
