BetterBank erleidet 5-Millionen-Dollar-Exploit durch unbefugtes Bonus-Minting

Smart Contract-Lücke ermöglicht unerlaubte Token-Erstellung

Die DeFi-Plattform BetterBank wurde Opfer eines ausgeklügelten Angriffs, bei dem Angreifer eine Schwachstelle im Bonusvergütungssystem ausnutzten. Durch manipulierte Transaktionen gelang es den Unbekannten, Bonus-Token im Wert von 5 Millionen US-Dollar zu minten – ohne die dafür erforderlichen Sicherheitschecks zu durchlaufen.

Systemumgehung durch Code-Manipulation

Die Täter umgingen die üblichen Verifizierungsprozesse, indem sie bestimmte Smart Contract-Funktionen direkt ansprachen. Statt die regulären Nutzerinterfaces zu verwenden, initiierten sie Transaktionen, die die Bonusbedingungen künstlich erfüllten – ein klassischer Fall von „Gaming the System“ auf Blockchain-Ebene.

Die Ironie des Ganzen? Während traditionelle Banken mit regulatorischer Bürokratie kämpfen, beweist dieser Vorfall, dass DeFi-Projekte ihr eigenes, kreatives Maß an Compliance-Herausforderungen meistern müssen. Manchmal ist die innovativste Technologie auch die anfälligste.

BetterBank to relaunch reward smart contract

The protocol team was active in handling the attack and ended up compensating losses through its reserves. BetterBank also plans to relaunch its reward program for LPs with a new token airdrop and a new smart contract.

🚨UPDATE BETTERBANKERS🚨

Yesterday was rough. Within minutes it went from “hmm, not normal liquidations” → to “this is so not good.”
But we jumped into action: paused the protocol, kept comms open for hours, pulled in devs, and started saving what we could.

Because of Favor…

— BetterBank.io (@BetterBank_io) August 27, 2025

BetterBank originally awarded bonuses for providing liquidity for the FAVOR token. However, investigation showed the liquidity pairs were untracked, and users could create a FAVOR pair against any token, even worthless newly created assets. 

Despite the rogue pairs, the exploiter still received ESTEEM tokens, managing to mint a significant amount. BetterBank claimed the contract used to issue rewards was audited, but there was no vetting of the quality of FAVOR liquidity providers. On-chain investigation also showed the rogue minting managed to avoid the tax on bulk-minting rewards, by using external liquidity pairs. 

BetterBank was built on PulseChain, using niche stablecoins for its liquidity. The attacker holds a remaining amount of 700K pDAI, still requiring bridging to make the tokens usable. The project team reached out to the hacker by messaging the exploit address, but did not receive an answer or a WHITE hat proposal. 

BetterBank was exploited at its peak

BetterBank was among the top 5 DeFi protocols on PulseChain. Recently, the project announced $30M in total value locked. Despite the hype, PulseChain invited skeptics, mostly due to the chain’s volatile asset. 

Following the exploit, BetterBank is down to $7.96M in total liquidity, with weeks to repair smart contracts and reputational damage. The protocol also carries $10.31M in borrowed liquidity. 

Pulse Chain also recently saw growth in its DeFi sector, recovering its liquidity above $300M. Pulse Chain was also affected, as Pulse and PulseX tokens were also part of the exploit. As a result of the hack, the PulseX token fell by over 15%.

The recent exploit was part of a series of attempts against relatively small DeFi apps. Targeting niche tokens makes it more difficult for hackers to swap and mix their funds. However, in the case of BetterBank, the contract contained low-hanging fruit for generating low-value liquidity, inviting hackers to drain the protocol. Based on a previous Cryptopolitan report, hackers often target swap or bridge contracts for the ability to generate or withdraw unauthorized liquidity.

Overall, the reputation and market price losses were much higher compared to the final haul of the hacker, even if the attacker managed to liquidate the stolen stablecoins. 

The hacker still managed to move 215 ETH stored on the Ethereum chain, making it easier for the funds to be mixed or swapped. 

KEY Difference Wire: the secret tool crypto projects use to get guaranteed media coverage