
BetterBank Loses $5 Million in Flash Loan Exploit Targeting Reward Minting Flaw

On August 27, 2025, BetterBank, a decentralized lending protocol built on PulseChain, suffered a devastating exploit that drained approximately $5 million in digital assets through a sophisticated reward minting and liquidity manipulation attack. The incident underscores the persistent vulnerabilities lurking in DeFi reward mechanisms and serves as a stark reminder that even flagged audit findings can escalate into catastrophic losses when left unaddressed.

The Exploit Mechanics

The attacker orchestrated a multi-step exploit that began with a flash loan to borrow substantial funds and drain the DAI–PDAIF liquidity pool. With the pool depleted, the attacker created a fraudulent ERC-20 token and paired it with PDAIF, establishing a counterfeit trading pair that would become the linchpin of the entire operation.

The core vulnerability lay in BetterBank’s bonus minting mechanism, which distributed ESTEEM tokens whenever liquidity was provided for FAVOR. The protocol’s reward logic failed to validate the legitimacy of the liquidity pool from which trading activity originated, meaning the attacker could trigger ESTEEM reward minting by executing wash trades between the bogus token and PDAIF in repeated cycles.

Each swap cycle inflated the attacker’s ESTEEM rewards, which were then converted back into FAVOR and additional PDAIF tokens. This self-reinforcing loop artificially boosted token supply and destabilized the pool’s pricing dynamics. The attacker then re-added liquidity to the genuine pool with intentional imbalance, extracting approximately 891 million DAI at favorable rates before repaying the flash loan and pocketing millions in profit.

Affected Systems

The attack directly impacted BetterBank’s core lending protocol on PulseChain, specifically its reward distribution system and the DAI–PDAIF, FAVOR, and ESTEEM token pools. In total, the exploit drained 891 million DAI, 9.05 billion PLSX, and 7.40 billion WPLS from the protocol.

The broader PulseChain decentralized exchange ecosystem was also affected, as the attacker laundered stolen funds through swaps on multiple PulseChain DEXes. Approximately $922,000 worth of ETH was bridged to Ethereum and subsequently routed through Tornado Cash to obscure the trail.

Bitcoin was trading at approximately $111,222 and Ethereum at $4,503 at the time of the attack, reflecting a broader market where total cryptocurrency capitalization stood above $2.9 trillion. The exploit did not trigger significant market-wide price movements but highlighted the systemic risks inherent in smaller DeFi ecosystems.

The Mitigation Strategy

Following the attack, BetterBank took immediate emergency measures by draining all remaining FAVOR pools to prevent further exploitation. The team announced a 20% bounty for the attacker, a common negotiation tactic in DeFi exploits aimed at recovering stolen funds. The protocol’s response appeared to yield results, as the attacker later returned approximately $2.7 million worth of assets, reducing the net losses to around $1.4 million.

BetterBank pledged to overhaul its reward distribution system, fix the identified vulnerabilities, and relaunch tokens via community airdrops before reopening the protocol. The team committed to engaging additional security audits and implementing stricter pool validation logic before resuming operations.

Lessons Learned

The BetterBank exploit reinforces several critical lessons for the DeFi ecosystem. First, reward minting mechanisms must only trigger through whitelisted, verified pools—never through arbitrary or user-created pairs. Token-level validation provides stronger guarantees than pair-based checks, which can be circumvented through the creation of counterfeit tokens.
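The missing pool check from the exploit mechanics and the token-level validation recommended above, sketched as an added Solidity example; it is not BetterBank's code, which this article does not show. `RewardGate`, its functions and the owner-managed allowlist are hypothetical names, and a Uniswap V2-style pair and factory interface is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not BetterBank's contracts.
// Assumes Uniswap V2-style pair and factory interfaces.
interface IPair {
    function token0() external view returns (address);
    function token1() external view returns (address);
}
interface IFactory {
    function getPair(address a, address b) external view returns (address);
}

contract RewardGate {
    address public immutable owner;
    IFactory public immutable trustedFactory;
    mapping(address => bool) public approvedToken; // token-level allowlist
    mapping(address => uint256) public rewardOwed; // stands in for minting

    constructor(IFactory factory_) {
        owner = msg.sender;
        trustedFactory = factory_;
    }

    function setApprovedToken(address token, bool ok) external {
        require(msg.sender == owner, "not owner");
        approvedToken[token] = ok;
    }

    // Flawed shape described in the article: the calling pool is never
    // validated, so trades routed through any pair accrue rewards.
    function creditRewardUnchecked(address trader, uint256 amount) external {
        rewardOwed[trader] += amount;
    }

    // Hardened shape: only the canonical pair of two approved tokens counts.
    function creditReward(address trader, uint256 amount) external {
        require(isTrustedPool(msg.sender), "untrusted pool");
        rewardOwed[trader] += amount;
    }

    function isTrustedPool(address pool) public view returns (bool) {
        if (pool.code.length == 0) return false; // plain accounts are not pools
        address t0 = IPair(pool).token0();
        address t1 = IPair(pool).token1();
        // A counterfeit token fails here even if its pair is well-formed.
        if (!approvedToken[t0] || !approvedToken[t1]) return false;
        // A contract can report any token0/token1, so confirm with the factory.
        return trustedFactory.getPair(t0, t1) == pool;
    }
}
```

Checking both tokens against the allowlist is what makes the gate token-level: a pair created on the trusted factory with a newly deployed token still fails, because that token was never approved.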

Second, and perhaps most critically, the incident demonstrates the danger of dismissing audit findings. A prior security audit had flagged the risk of fake liquidity pools being used to manipulate the reward system, but the finding was downgraded to low severity and left unpatched. This single oversight created a direct pathway for a multi-million dollar exploit.

Third, flash loan-enabled attacks continue to represent one of the most potent threat vectors in DeFi, allowing attackers to execute complex, capital-intensive exploits without any upfront investment. Protocols must design their systems with the assumption that flash loan manipulation is a baseline threat, not an edge case.

User Action Required

Users who interacted with BetterBank or held FAVOR, ESTEEM, or related tokens should immediately revoke any token approvals granted to the protocol’s smart contracts. Wallets connected to PulseChain DEXes around the time of the attack should be monitored for suspicious activity.

Community members should watch for official announcements from BetterBank regarding the token relaunch and airdrop distribution. Any communications claiming to be from the team should be verified through official channels, as exploit events frequently attract phishing campaigns targeting affected users.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi protocol.


7 thoughts on “BetterBank Loses $5 Million in Flash Loan Exploit Targeting Reward Minting Flaw”

    1. monitoring caught it after $5M was gone. real-time monitoring in defi is always reactive. the fake token plus wash trade pattern should have been caught at the contract level

      1. DeFiDave reactive monitoring caught it after $5M. the fake token pattern should be blocked at the contract level, not detected after the fact

    1. reward_exploit

      multisig wouldn't help here. the vulnerability was in the reward minting logic not a key compromise. the protocol legitimately minted ESTEEM tokens because it didn't validate the liquidity pool source

      1. reward_exploit the protocol legitimately minted rewards because it never checked the pool source. that's not a key issue, it's a design flaw
