DeFi lending agreement bZx suffers a mysterious attack, losing hundreds of thousands of dollars

News on February 15th, bZx, an open financial (DeFi) lending protocol, was attacked, causing some ETH to have been lost.

According to bZx co-founder Kyle Kistner, although the amount of ETH currently lost is unknown, the loss does exist.

Kistner revealed some details in the bZx official telegram group, saying that a contract loophole was exploited by the attacker. The company has currently suspended the contract, while the loan contract and cancellation contract are still running.

As for the details of the vulnerability, bZx is still consulting with security researchers to understand the problem, Kistner added:

"We will publish a deeper profiling report, and the remaining funds are safe."

Due to the impact of the vulnerability, bZx has suspended its Fulcrum trading platform and is currently under maintenance.

3

According to DeFi Pulse data, users have taken 3300 ETH (about $ 932,000) from the bZx protocol in the past 24 hours.

Following the incident, DeFi observer Chris Blec commented:

"Early unproven theory holds that this is not a smart contract hack, but that someone has used oracle (possibly using fast loans) for some kind of radical market manipulation.

Another observer, Paranoid Individual, agrees, saying:

"After a quick investigation, my opinion is that someone attacked bZx through an oracle vulnerability. The news is good or bad, depending on where you are right now."

Analyst Alex gave his specific judgment:

"Recall what the attackers did:

  1. The attacker borrowed 10,000 ETH from dydx using a fast loan;
  2. He put 50% of it in compound and the remaining 50% in bZx (fulcrum uses bZx protocol);
  3. He borrowed 112 WBTC (Bitcoin Anchor Coin from ERC20) from compound;
  4. He shorted WBTC at bZw;
  5. He threw 112 WBTC in uniswap, probably to drive down prices;
  6. Return 10,000 ETH borrowed from dydx;
  7. The original contract had $ 1 million worth of eth in the compound and $ 650,000 of WBTC debt, so the attacker had a profit of about $ 350,000;

" 4

(Figure: Operation records of the attacker )

What do you think?

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

Run, clear the sea? This question for the exchange is too difficult

Text | Qin Xiaofeng Production | Odaily Planet Daily The market turned cold, and the exchange changed from a once env...

Blockchain

Gemini Exchange sets up insurance company to provide $ 200 million in insurance for custody services

The Winklevoss brothers' Gemini exchange has set up an insurance company to prepare up to $ 200 million in insur...

Blockchain

Full text of South Korea's first independent "Encryption Act": Insider trading carries a maximum sentence of life imprisonment.

On June 30, 2023, the South Korean National Assembly's Political Affairs Committee passed the country's first legisla...

Policy

FTX Creditors' Lawyers Strike a Sweet Deal Investors to Feast on 90% of the Remaining SBF's Empire

Non-U.S. creditors of FTX are being told by lawyers that they will receive a favorable deal in the exchange's bankrup...

Blockchain

99% of the transaction volume is fraudulent, what is left behind the false prosperity of the currency circle?

The amount of trading fraud has been ridiculous for the people of the coin circle, but all along, there are always bl...