- bZx marked its third exploit of 2020, losing $8.1 million of funds to a vulnerability in the code.
- The BZRX token fell by 30% in the aftermath of the incident, as the burden of the loss was shifted to the insurance fund.
- bZx’s fate rests with the broader DeFi community and whether they decide to return to the protocol as users.
Less than two weeks after re-deploying on mainnet, bZx has been exploited for $8.1 million of LINK, ETH, and stablecoins. The incident caused the BZRX token to fall over 30%, as the value of the token secures protocol deficits.
How Many Times Is Too Many?
Earlier this year, the team behind bZx paused the protocol after two consecutive hacks caused a mass outflow of capital. Promising to come back stronger, bZx built a new iteration of the product over six months. The protocol was finally deployed again on Sept. 2.
It’s been less than two weeks, and bZx has been attacked once again.
This time, however, the loss is far higher than before. At the prices prevailing at the time of the earlier hacks, bZx had previously been exploited for $330,000 and $640,000, respectively.
The latest hack saw $8.1 million of customer funds lost.
1/4 Last night I found an exploit in BRZX. I noticed that a user was capable of duplicating “i tokens”. There was 20+ million $ at risk. I informed the team telling them to stop the protocol and explained the exploit to them. At this point none of the founders were up.. pic.twitter.com/MdJqOH2IPu
— Marc Thalen (@MarcThalen) September 14, 2020
bZx’s iTokens were deployed with a bug that allowed users to increase their balances artificially. The platform sustained the following losses:
- 219,199.66 LINK ($2.61 million)
- 4,502.70 ETH ($1.65 million)
- 1,756,351.27 USDT
- 1,412,048.48 USDC
- 667,988.62 DAI
The insurance fund will bear the liability for these losses. Since the BZRX token derives a portion of its value from the insurance fund, its price tanked 31% yesterday.
BZRX is down 74% since peaking on Aug. 31.
Even after writing new code, employing fresh audits, and coming back to mainnet, bZx cannot seem to catch a break – and neither can their investors.
So @bZxHQ admins updated their tokens to an unverified implementation with a backdoor that allows them to burn funds of any user. Then after burning funds of some users involved in the hack, they updated to a normal implementation with bugfix. https://t.co/9529Ao93ly
— Roman Semenov 🌪️ 👹 (@semenov_roman_) September 13, 2020
In a blog post dissecting the incident, bZx attributed the multiple hacks to the protocol being “the most powerful, fully functioned lending protocol in the space, and this means that there is a lot of code to cover.”
Smart contracts are challenging, but suffering three exploits in seven months is absurd.
The fate of bZx is now solely in the hands of the DeFi community. Whether users will return to the protocol remains to be seen.