Spartan Protocol lost $30M when an attacker used flash loans to manipulate liquidity pool share calculations, inflating collateral value.
The attacker exploited a flaw in Spartan Protocol's liquidity share calculation. By repeatedly adding and removing liquidity with flash-loaned BNB, they artificially inflated the pool's calculated liquidity value. This manipulated value was then used to borrow far more than the actual collateral was worth, extracting $30M from the protocol's pools.
Stolen BNB converted to stablecoins via PancakeSwap and other BSC DEXes. Funds bridged to Ethereum and mixed via Tornado Cash. PeckShield published a detailed exploit analysis. The Spartan Protocol team paused contracts and conducted a post-mortem. No attacker identified, no funds recovered.
0xdb65d05ff8d3d01e3b0e77b8e3c1dc5f29d4a26bb9c06dfa1a7e4f8d9b0c1a2