bVaults’ BUSD Alpaca strategy was exploited and drained 10,859,319 BUSD out of the pool, Incident started at 10:36:00 AM UTC, May 16, 2021. The incident was due to the improper implementation of the function withdraw(address, uint256 wantAmount): we passed the method withdraw from FairLaunch contract with BUSD amount while we should have used ibBUSD amount instead. Because of this, the strategy withdrew more BUSD than needed and the extra amount was used to deposit to FairLaunch subsequently, which increased the locked BUSD amount in the contract while there was no new deposit.