DeFi lending agreement bZx suffers a mysterious attack, losing hundreds of thousands of dollars

News on February 15th, bZx, an open financial (DeFi) lending protocol, was attacked, causing some ETH to have been lost.

According to bZx co-founder Kyle Kistner, although the amount of ETH currently lost is unknown, the loss does exist.

Kistner revealed some details in the bZx official telegram group, saying that a contract loophole was exploited by the attacker. The company has currently suspended the contract, while the loan contract and cancellation contract are still running.

As for the details of the vulnerability, bZx is still consulting with security researchers to understand the problem, Kistner added:

"We will publish a deeper profiling report, and the remaining funds are safe."

Due to the impact of the vulnerability, bZx has suspended its Fulcrum trading platform and is currently under maintenance.

3

According to DeFi Pulse data, users have taken 3300 ETH (about $ 932,000) from the bZx protocol in the past 24 hours.

Following the incident, DeFi observer Chris Blec commented:

"Early unproven theory holds that this is not a smart contract hack, but that someone has used oracle (possibly using fast loans) for some kind of radical market manipulation.

Another observer, Paranoid Individual, agrees, saying:

"After a quick investigation, my opinion is that someone attacked bZx through an oracle vulnerability. The news is good or bad, depending on where you are right now."

Analyst Alex gave his specific judgment:

"Recall what the attackers did:

  1. The attacker borrowed 10,000 ETH from dydx using a fast loan;
  2. He put 50% of it in compound and the remaining 50% in bZx (fulcrum uses bZx protocol);
  3. He borrowed 112 WBTC (Bitcoin Anchor Coin from ERC20) from compound;
  4. He shorted WBTC at bZw;
  5. He threw 112 WBTC in uniswap, probably to drive down prices;
  6. Return 10,000 ETH borrowed from dydx;
  7. The original contract had $ 1 million worth of eth in the compound and $ 650,000 of WBTC debt, so the attacker had a profit of about $ 350,000;

" 4

(Figure: Operation records of the attacker )

What do you think?

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Opinion

OPNX Development History Tokens soar by a hundredfold, becoming a leading bankruptcy concept?

OPNX is the most comprehensive and complete in terms of product conception in the debt trading field, but from the pe...

Blockchain

On the line in March, the daily trading volume broke through 100 million, and the FTX exchange that turned out to be so hot is so hot?

The huge potential of the derivatives market is beyond doubt. Mark Lamb, CEO of CoinFLEX, recently predicted that by ...

Blockchain

The undead black swan: from ICO to IEO

If you want to discuss the biggest hot spot in the currency this year, many people will say that it is IEO. The curre...

Policy

The Crypto Circus: A Bug’s Billion-Dollar Bonanza

During the 10th day of Sam Bankman-Fried's trial, talks focused on a software glitch and the allocation of funds for ...

News

Who can take the lead in breaking the exchange contract?

Mark Lamb, CEO of CoinFLEX, predicts that by the end of 2020, the derivatives market will reach 20 times the size of ...

Blockchain

Babbitt exclusive | imToken built-in DEX upgrade independent, August will have heavy news release

Babbitt News, July 31, imToken built Tokenlon officially upgraded to an independent decentralized exchange (DEX) . It...