Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The DeFi protocol bEarnFi stated that on May 16, its bVaults BUSD-Alpaca strategy was attacked, and nearly 10.86 million BUSD in the pool was exhausted. However, the remaining bvault and other pools of the platform are not at risk. At the same time, bEarnFi released a rough compensation plan, which will create a compensation fund, which will consist of the remaining savings funds, development funds, DAO funds, and part of the expenses incurred by the agreement. After that, a snapshot of the balance will be taken to deploy compensation contracts. Affected users will receive an additional 5% of their deposit amount. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 11,000,000.
- chain
- —
- protocol
- bEarn Fi
- bug_class
- logic
- date_occurred
- 2021-05-16
- loss_usd
- $11,000,000
- source_id
- sm:bearn-fi::2021-05-16