0Crypto hacker steals Ethereum from DeFi lending protocol bZx once again. The estimated loss is 2,388 Ethereum (ETH) nearly $645,000. Robert Leshner, founder of DeFi lending protocol Compound, said that the bZx team “should immediately shut down until the platform can be thoroughly and comprehensively audited”.
18 February, 2020 | AtoZ Markets – Decentralized finance (DeFi) has taken a hard hit after the Decentralized Lending Protocol bZx saw two successful hacks a few days apart. The total loss is around $ 954,000. According to the bZx report, the protocol was compromised for the first time on February 14, when the team was present at the ETHDenver. According to the news outlet The Block, the second attack took place on February 18.
DeFi Lending Protocol bZx Has Hit the Pause Button Again
The nature of the second attack is still largely unclear, but bZx co-founder Kyle Kistner said on the official Telegram company channel:
“It appears to be an oracle manipulation attack,”
Oracles are generally centralized components that provide external data to on-chain applications. Crypto hacker steals at 2,388 Ethereum (ETH) this time, nearly $ 645,000. “We can neutralize this as we did last time,” said Kistner.
Earlier today, the bZx released a post-mortem of its first attack, claiming that 1,193 ETH, with a current value of around $ 298,000, have been lost. bZx has again paused its protocol. The hack transaction would have been carried out by flash loans and transactions on Synthetix. “It has no impact on the Synthetix system although it has involved sUSDs,” bZx tweeted today.
Besides, he promised that the developers of bZx would switch to oracles based on the Chainlink protocol. This would make the system more secure.
Hackers Used Several DeFi Protocols to Steals
The attacker used several DeFi protocols to lend and trade large amounts of Ether and Wrapped Bitcoin (WBTC). So, this method made it possible to manipulate prices and benefit from decentralized leverage. WBTC is a token on the Ethereum blockchain that tracks the price of Bitcoin (BTC).
Security checks should have prevented the transaction with which the attacker opened the leveraged trade. But these checks did not trigger due to a bug in the bZx smart contract. The protocol team announced that they had fixed the bug. Robert Leshner, founder of a competing DeFi lending protocol Compound, said:
“Security is the top priority for a financial product. The bZx team has repeatedly demonstrated that it is not able to protect user funds. It should immediately cease operations until they can audit the platform wholly and thoroughly.”
Think we have missed something? Let us know in the comment section below.