Briefing

The BetterBank decentralized lending protocol on PulseChain was exploited on August 26-27, 2025, resulting in an initial loss of approximately $5 million. This incident stemmed from a critical vulnerability in the protocol’s reward minting logic, which allowed an attacker to generate unauthorized FAVOR and ESTEEM tokens by manipulating liquidity pairs. While the attacker later returned $2.7 million, the net loss of $1.4 million underscores the severe financial consequences of unaddressed audit findings and flawed tokenomics design.

Context

Prior to this incident, the DeFi ecosystem, particularly on newer chains like PulseChain, faced inherent risks from complex smart contract interactions and the rapid deployment of protocols without rigorous, fully implemented security audits. The prevailing attack surface included vulnerabilities in reward distribution mechanisms and unchecked external calls, where attackers could exploit economic incentives by creating manipulated liquidity pools. This environment often led to a false sense of security, especially when audit findings, even critical ones, were downgraded or not fully remediated.

Analysis

The attack leveraged a specific flaw within BetterBank’s swapExactTokensForFavorAndTrackBonus function and its automated bonus distribution system. The attacker initiated a flash loan, then deployed a malicious contract and a bogus ERC20 token to create a fake liquidity pool on PulseXFactory. By repeatedly swapping legitimate PDAIF for the bogus token within this manipulated pool, the attacker triggered the reward minting mechanism to generate substantial ESTEEM bonuses without incurring transaction taxes, as the rogue liquidity pair was not recognized as an official BetterBank pair. This allowed the attacker to accumulate and subsequently drain approximately $5 million in various assets from the protocol.
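A simplified Python model of the flaw described above, added here as an illustration and not BetterBank's contract code: the `BonusTracker` class, the pair names and the 10% bonus rate are assumptions. It contrasts bonus tracking that ignores which pair routed the swap with one possible mitigation, gating the reward on the protocol's registry of official pairs.

```python
from dataclasses import dataclass, field

BONUS_BPS = 1000  # constructed bonus rate (10%), not the protocol's real value


class UnapprovedPair(Exception):
    """Swap was routed through a pair the protocol never registered."""


@dataclass
class BonusTracker:
    # Hypothetical registry of pairs the protocol treats as official (and taxes).
    official_pairs: set = field(default_factory=set)
    # account -> bonus tokens credited so far
    esteem_minted: dict = field(default_factory=dict)

    def _credit(self, account, amount_out):
        bonus = amount_out * BONUS_BPS // 10_000
        self.esteem_minted[account] = self.esteem_minted.get(account, 0) + bonus
        return bonus

    def track_bonus_unchecked(self, account, pair, amount_out):
        # Flawed form: the reward depends only on the swap output, so a pair
        # the caller created and controls earns the same bonus as an official
        # one while escaping the tax applied to official pairs.
        return self._credit(account, amount_out)

    def track_bonus_checked(self, account, pair, amount_out):
        # Hardened form: the reward path consults the same registry as the
        # tax path, so an unregistered pair can never mint a bonus.
        if pair not in self.official_pairs:
            raise UnapprovedPair(pair)
        return self._credit(account, amount_out)


def compare(pair, amount_out):
    """Return (unchecked_bonus, checked_bonus or None if rejected)."""
    tracker = BonusTracker(official_pairs={"PAIR_OFFICIAL"})
    unchecked = tracker.track_bonus_unchecked("acct", pair, amount_out)
    try:
        checked = tracker.track_bonus_checked("acct", pair, amount_out)
    except UnapprovedPair:
        checked = None
    return unchecked, checked


if __name__ == "__main__":
    print(compare("PAIR_OFFICIAL", 1_000_000))
    print(compare("PAIR_ROGUE", 1_000_000))
```
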

Parameters

  • Protocol Targeted → BetterBank
  • Attack Vector → Reward Minting Exploit via Liquidity Pair Manipulation
  • Blockchain Affected → PulseChain
  • Initial Financial Impact → ~$5 Million USD
  • Funds Recovered → ~$2.7 Million USD
  • Net Loss → ~$1.4 Million USD
  • Vulnerable Function → swapExactTokensForFavorAndTrackBonus
  • Auditor → Zokyo
  • Laundering Method → Bridged to Ethereum, routed through Tornado Cash

Outlook

In the immediate aftermath, BetterBank has paused operations, drained remaining FAVOR pools, and is working to compensate affected users through treasury funds and recovered assets. This incident will likely reinforce the necessity for protocols to fully implement and not downgrade critical findings from security audits, especially concerning tokenomics and reward distribution logic. The broader DeFi landscape, particularly on nascent chains, must adopt more stringent pre-deployment security checks and consider continuous monitoring solutions to prevent similar liquidity manipulation and reward farming exploits.

Verdict

The BetterBank exploit serves as a stark reminder that even audited protocols remain vulnerable if critical security recommendations are not fully implemented, underscoring the imperative for continuous vigilance and comprehensive risk mitigation in DeFi.

Signal Acquired from → Zokyo
