Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Nerve Finance, a stablecoin trading platform based on the Binance Smart Chain (BSC), tweeted that the Nerve-related machine gun pool in the revenue aggregator Eleven Finance have been attacked by sparks. After analysis, the reason for the exploit is that the emergencyBurn() function does not calculate the balance correctly and does not execute the destruction. On September 30th, hackers have returned approximately $4.5 million in stolen funds. Attack method (per SlowMist): Flash loan attack. Reported loss: $ 300,000.
- chain
- bsc
- protocol
- Eleven Finance
- bug_class
- flashloan
- date_occurred
- 2021-06-23
- loss_usd
- $300,000
- source_id
- sm:eleven-finance::2021-06-23