
Briefing
The BetterBank decentralized lending protocol on PulseChain was exploited on August 26-27, 2025, resulting in an initial loss of approximately $5 million. This incident stemmed from a critical vulnerability in the protocol’s reward minting logic, which allowed an attacker to generate unauthorized FAVOR and ESTEEM tokens by manipulating liquidity pairs. While the attacker later returned $2.7 million, the net loss of $1.4 million underscores the severe financial consequences of unaddressed audit findings and flawed tokenomics design.

Context
Prior to this incident, the DeFi ecosystem, particularly on newer chains like PulseChain, faced inherent risks from complex smart contract interactions and the rapid deployment of protocols without rigorous, fully implemented security audits. The prevailing attack surface included vulnerabilities in reward distribution mechanisms and unchecked external calls, where attackers could exploit economic incentives by creating manipulated liquidity pools. This environment often led to a false sense of security, especially when audit findings, even critical ones, were downgraded or not fully remediated.

Analysis
The attack leveraged a specific flaw within BetterBank’s swapExactTokensForFavorAndTrackBonus function and its automated bonus distribution system. The attacker initiated a flash loan, then deployed a malicious contract and a bogus ERC20 token to create a fake liquidity pool on PulseXFactory. By repeatedly swapping legitimate PDAIF for the bogus token within this manipulated pool, the attacker triggered the reward minting mechanism to generate substantial ESTEEM bonuses without incurring transaction taxes, as the rogue liquidity pair was not recognized as an official BetterBank pair. This allowed the attacker to accumulate and subsequently drain approximately $5 million in various assets from the protocol.
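The accounting gap described above, as an added example that is not BetterBank's contract code: a simplified Python model in which the tax logic recognizes only official pairs while the bonus is minted for any pair, beside a hardened check that requires a registered pair. The rates, pair identifiers and names (BonusTracker, simulate) are constructed assumptions, not values from the protocol.

```python
from dataclasses import dataclass

# Constructed values: the page does not state BetterBank's real rates.
BONUS_BPS = 1_000   # hypothetical ESTEEM bonus per FAVOR bought (10%)
TAX_BPS = 2_000     # hypothetical tax charged on official pairs (20%)
OFFICIAL_PAIR = "pair:official"        # placeholder identifiers, not addresses
ROGUE_PAIR = "pair:attacker-created"

@dataclass
class BonusTracker:
    official_pairs: frozenset
    require_official_pair: bool        # False models the flawed behaviour
    esteem_minted: int = 0
    tax_collected: int = 0
    rejected: int = 0

    def swap_and_track_bonus(self, pair: str, favor_out: int) -> int:
        """Record one swap yielding `favor_out` FAVOR; return the bonus minted."""
        recognized = pair in self.official_pairs
        if recognized:
            # The tax logic only knows about official pairs.
            self.tax_collected += favor_out * TAX_BPS // 10_000
        elif self.require_official_pair:
            # Hardened path: no bonus for liquidity the protocol did not register.
            self.rejected += 1
            return 0
        bonus = favor_out * BONUS_BPS // 10_000
        self.esteem_minted += bonus
        return bonus

def simulate(require_official_pair: bool, pair: str, rounds: int = 10,
             favor_out: int = 1_000) -> BonusTracker:
    """Repeat the same swap `rounds` times and return the final accounting."""
    tracker = BonusTracker(frozenset({OFFICIAL_PAIR}), require_official_pair)
    for _ in range(rounds):
        tracker.swap_and_track_bonus(pair, favor_out)
    return tracker

if __name__ == "__main__":
    for label, strict, pair in [("flawed, rogue pair", False, ROGUE_PAIR),
                                ("hardened, rogue pair", True, ROGUE_PAIR),
                                ("hardened, official pair", True, OFFICIAL_PAIR)]:
        t = simulate(strict, pair)
        print(f"{label}: minted={t.esteem_minted} tax={t.tax_collected} "
              f"rejected={t.rejected}")
```

In the flawed configuration the rogue pair mints the same bonus as an official pair while contributing no tax, which is the asymmetry an invariant test or on-chain monitor should check for.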

Parameters
- Protocol Targeted → BetterBank
- Attack Vector → Reward Minting Exploit via Liquidity Pair Manipulation
- Blockchain Affected → PulseChain
- Initial Financial Impact → ~$5 Million USD
- Funds Recovered → ~$2.7 Million USD
- Net Loss → ~$1.4 Million USD
- Vulnerable Function → swapExactTokensForFavorAndTrackBonus
- Auditor → Zokyo
- Laundering Method → Bridged to Ethereum, routed through Tornado Cash

Outlook
In the immediate aftermath, BetterBank has paused operations, drained remaining FAVOR pools, and is working to compensate affected users through treasury funds and recovered assets. This incident will likely reinforce the necessity for protocols to fully remediate, rather than downgrade, critical findings from security audits, especially concerning tokenomics and reward distribution logic. The broader DeFi landscape, particularly on nascent chains, must adopt more stringent pre-deployment security checks and consider continuous monitoring solutions to prevent similar liquidity manipulation and reward farming exploits.

Verdict
The BetterBank exploit serves as a stark reminder that even audited protocols remain vulnerable if critical security recommendations are not fully implemented, underscoring the imperative for continuous vigilance and comprehensive risk mitigation in DeFi.
Signal Acquired from → Zokyo
