DeFi lending agreement bZx suffers a mysterious attack, losing hundreds of thousands of dollars

News on February 15th, bZx, an open financial (DeFi) lending protocol, was attacked, causing some ETH to have been lost.

According to bZx co-founder Kyle Kistner, although the amount of ETH currently lost is unknown, the loss does exist.

Kistner revealed some details in the bZx official telegram group, saying that a contract loophole was exploited by the attacker. The company has currently suspended the contract, while the loan contract and cancellation contract are still running.

As for the details of the vulnerability, bZx is still consulting with security researchers to understand the problem, Kistner added:

"We will publish a deeper profiling report, and the remaining funds are safe."

Due to the impact of the vulnerability, bZx has suspended its Fulcrum trading platform and is currently under maintenance.

3

According to DeFi Pulse data, users have taken 3300 ETH (about $ 932,000) from the bZx protocol in the past 24 hours.

Following the incident, DeFi observer Chris Blec commented:

"Early unproven theory holds that this is not a smart contract hack, but that someone has used oracle (possibly using fast loans) for some kind of radical market manipulation.

Another observer, Paranoid Individual, agrees, saying:

"After a quick investigation, my opinion is that someone attacked bZx through an oracle vulnerability. The news is good or bad, depending on where you are right now."

Analyst Alex gave his specific judgment:

"Recall what the attackers did:

  1. The attacker borrowed 10,000 ETH from dydx using a fast loan;
  2. He put 50% of it in compound and the remaining 50% in bZx (fulcrum uses bZx protocol);
  3. He borrowed 112 WBTC (Bitcoin Anchor Coin from ERC20) from compound;
  4. He shorted WBTC at bZw;
  5. He threw 112 WBTC in uniswap, probably to drive down prices;
  6. Return 10,000 ETH borrowed from dydx;
  7. The original contract had $ 1 million worth of eth in the compound and $ 650,000 of WBTC debt, so the attacker had a profit of about $ 350,000;

" 4

(Figure: Operation records of the attacker )

What do you think?

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

Bibox and SKR staged the coin ring, and the IEO gambling nature became more intense.

At 8 am on the 22nd, two hours before the start of the first Star Project (IEO) on the Bibox Exchange, Bibox official...

Finance

The Block Editor-in-Chief 5 Innovative Projects Worth Paying Attention to

Promising emerging projects include derivatives protocols, governance platforms, and infrastructure, among others. Au...

Blockchain

Interviewed 800 crypto traders in 75 countries around the world. What did they find?

"Traders look for simplicity, but the exchange can't meet it. 80% of participants have entered the market f...

Blockchain

Will Upbit's $ 50 million loss bring Defi's "prosperity"?

The South Korean exchange was stolen again. Following the theft of a South Korean exchange at the beginning of the ye...

Blockchain

Getting Started | What is an aggregate transaction? What are the operating principles and advantages?

Recently, the concept of aggregate transactions has been repeatedly mentioned, how is aggregated trading realized? Wh...

Blockchain

Why do I always receive "Exchange Withdrawal" messages? Learn about the classification and protection measures of Web3.0 data leakage events in this article.

This article will introduce you to the classification of Web3.0 data breaches and what measures we should take to pr...