The DeFi protocol bZx was hacked again and lost more than $ 8 million worth of crypto due to its smart contract’s faulty code.
14 September 2020 | AtoZ Markets – Crypto tokens have long been criticized, but decentralized financial (DeFi) applications changed the story. bZx is a DeFi smart contract designed on Ethereum (ETH) that allows to leverage and margin trade without third party.
Defi Protocol bZx Lost $8 Million Due to a Faulty Code
The DeFi protocol bZx has been hacked again due to a coding bug. This time it has lost users deposits more than $ 8 million or 30% of bZx’s total assets locked. The bug allowed the attacker to duplicate assets and increase the balance of iTokens (bZx interest-bearing tokens).
Co-founder Kyle Kistner said they realized something was wrong on Sunday. That day, bZx faced a $2.6 million decline in the Protocol’s Total Value Lock due to a single LINK token withdrawal. There was a vulnerability in the “transferfrom0 protocol”. It allows hackers to make successful ERC20 transactions between protocols.
Hackers have used this bug to exploit 219,200 LINK tokens (around $2.6 million), 4,503 ETH (around $ 1.6 million), 1,756,351.27 USDT, 1,412,048 USDC, 667,989 DAI (around $ 680,000). That’s a total of $ 8.1 million. bZx suspended the protocol to fix a bug but resumed operation hours later. But bZx said the insurance has covered the loss, and there is no risk to the user’s funds. Kyle Kistner also said:
“No funds are at risk. Due to a token duplication incident, the protocol insurance fund has transiently accrued a debt. The insurance fund is backstopped by both the token treasury in addition to protocol cash flows.”
Earlier, bZx protocol applied a patched, which is approved by two audit firms Certik and Peckshield. However, Kistner points out that these audit firms have failed to identify recent bugs.
Think we missed something? Let us know in the comment section below.