Home DeFi lending protocol bZx hacked twice in four days
Crypto News

DeFi lending protocol bZx hacked twice in four days

FX Street
Updated:
  • The overall loss incurred by both the attacks totaled around $954,000.
  • The first hack was due to bug exploitation in the bZx smart contract, while an oracle manipulation attack caused the second hack.

DeFi lending protocol bZx has been successfully hacked twice in just four days, incurring a total loss of about $954,000. According to bZx’s report, the first attack took place on February 14, when the team was attending the ETHDenver industry event. The protocol was compromised for the second time on February 18, as per The Block’s report.

During the first attack, the hacker used several DeFi protocols to lend and swap vast quantities of Ether and wrapped Bitcoin (WBTC) in a manner that allowed them to manipulate the prices and profit of the eventual leveraged trade. The attacker first loaned 10,000 Ether (ETH) from dYdX, a lending protocol, and later used 5,500 ETH ($1.46 million) to obtain a 112 WBTC loan (>$1 million) on Compound, another DeFi protocol. Following this, they used bZx’s Fulcrum trading platform to open a 5x leveraged position on the ETH/BTC pair with a 1,300 ETH investment. After that, they used Kyber’s Uniswap to borrow 5,637 ETH and swap them for 51 WBTC. Ultimately, by swapping the 112 WBTC from Compound to 6,671 ETH, the attacker was able to pocket a profit of 1,193 ETH (nearly $318,000). They then paid back the erstwhile borrowed 10,000 ETH to dYdX. The attacker was able to execute this elaborate attack by exploiting a bug in bZx’s smart contract. This bug has since been fixed.

Currently, the details about the second hack are still unclear. A message from Kyle Kistner, the project’s CVO, says that it was an oracle manipulation attack. Oracles are centralized components that provide on-chain applications with external data.

According to the estimates by The Block, the loss suffered totals 2,388 ETH (nearly $636,000). Kistner notes that the team can neutralize the hack and prevent the loss of user funds like they did for the first hack. He also said that the devs will now use ChainLink’s protocol to make the system safer.

FX Street

FX Street

FXStreet is the leading independent portal dedicated to the Foreign Exchange (Forex) market. It was launched in 2000 and the portal has always been proud of their unyielding commitment to provide objective and unbiased information, to enable their users to take better and more confident decisions.

WARNING: The content on this site should not be considered investment advice and we are not authorised to provide investment advice. Nothing on this website is an endorsement or recommendation of a particular trading strategy or investment decision.  The information on this website is general in nature, so you must consider the information in light of your objectives, financial situation and needs. Investing is speculative. When investing your capital is at risk. This site is not intended for use in jurisdictions in which the trading or investments described are prohibited and should only be used by such persons and in such ways as are legally permitted. Your investment may not qualify for investor protection in your country or state of residence, so please conduct your own due diligence or obtain advice where necessary. Crypto promotions on this site do not comply with the UK Financial Promotions Regime and is not intended for UK consumers. This website is free for you to use but we may receive a commission from the companies we feature on this site.

© forexcrunch.com All Rights Reserved 2017 – 2024