bEarn Fi, a cross-chain auto yield farming protocol, was exploited earlier Sunday, resulting in a loss of almost $11 million, according to China-based blockchain analysis firm PeckShield.

  • It's the latest attack on a decentralized finance protocol built on Binance Smart Chain, one of the so-called Ethereum killers that's built by centralized crypto exchange giant Binance.
  • "Dear community, we are aware that users' deposit in BUSD have increased significantly," bEarn Fi's official Twitter account stated at about 9:30 a.m. ET Sunday. "Please be advised that we are currently investigating the Alpaca Vault incident. No other bVault has been affected but we have taken a precautionary measure and temporarily paused withdrawals and deposits for all bVaults."
  • A spokesperson from PeckShield told CoinDesk in a WeChat message that the firm is still investigating the cause of the attack.
  • On bEarn Fi's Telegram group, users have been asking bEarn Fi's team members since early Sunday morning about whether something went wrong with the Binance USD (BUSD) vault on bEarn Fi.
  • "Is there a BUSD vault problem?" one user asked at 7:11 a.m. ET. "It's increasing so much that it's impossible."
  • "We are working on it," one team member from bEarn Fi wrote in response to users' multiple requests about whether their funds are safe.
  • Earlier in May, another BSC-based defi protocol, Spartan Protocol, was attacked in a breach that caused more than $30 million in losses.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.