DeFi Protocol bZx Lost $8.1 Million in a Third Attack

Monday, 14/09/2020 | 10:01 GMT by Arnab Shome
  • Two audit firms missed the faulty codes in the protocol’s smart contract.
DeFi Protocol bZx Lost $8.1 Million in a Third Attack
Pixabay

bZx, a decentralized finance (DeFi) protocol on Ethereum (ETH) network, has recently lost around $8.1 million due to a faulty piece of code in its smart contracts.

The vulnerability in the smart contract code was first noticed by Bitcoin .com lead engineer, Marc Thalen who then reported it to the bZx team.

In an official blog, bZx co-founder Kyle Kistner detailed that the flawed code was allowing an attacker to duplicate assets or even increase the balance of the platform’s interest-bearing token, iTokens.

The attacker exploited the bug to mint 219,200 LINK tokens (valued around $2.6 million), 4,503 ETH (valued around $1.6 million), 1,756,351.27 USDT, 1,412,048 USDC, and 667,989 DAI (with a market value of around $680,000).

The protocol developer paused the minting and burning of iTokens hours after finding the vulnerability and then resumed them following the implementation of a fix that corrected the balances and duplications.

Before reporting, Thalen, himself, exploited the vulnerability by creating a loan with 100 USDC.

Kistner also highlighted that despite the heavy loss, the users of the protocol will be compensated from its insurance fund.

“No funds are at risk,” the official blog highlighted. “Due to a token duplication incident, the protocol insurance fund has transiently accrued a debt. The insurance fund is backstopped by both the token treasury in addition to protocol cash flows.”

Is DeFi Too Nascent to Get the Hype?

Founded in 2017, bZx developed a DeFi protocol creating an ecosystem of decentralized applications (DApps), including margin trading and lending platform, wallets, and many more.

It was attacked twice in February within days that resulted in a loss of around $945,000.

Kistner also pointed out that two independent audit firms, Peckshield and Certik, failed to identify the recent critical bug.

bZx, a decentralized finance (DeFi) protocol on Ethereum (ETH) network, has recently lost around $8.1 million due to a faulty piece of code in its smart contracts.

The vulnerability in the smart contract code was first noticed by Bitcoin .com lead engineer, Marc Thalen who then reported it to the bZx team.

In an official blog, bZx co-founder Kyle Kistner detailed that the flawed code was allowing an attacker to duplicate assets or even increase the balance of the platform’s interest-bearing token, iTokens.

The attacker exploited the bug to mint 219,200 LINK tokens (valued around $2.6 million), 4,503 ETH (valued around $1.6 million), 1,756,351.27 USDT, 1,412,048 USDC, and 667,989 DAI (with a market value of around $680,000).

The protocol developer paused the minting and burning of iTokens hours after finding the vulnerability and then resumed them following the implementation of a fix that corrected the balances and duplications.

Before reporting, Thalen, himself, exploited the vulnerability by creating a loan with 100 USDC.

Kistner also highlighted that despite the heavy loss, the users of the protocol will be compensated from its insurance fund.

“No funds are at risk,” the official blog highlighted. “Due to a token duplication incident, the protocol insurance fund has transiently accrued a debt. The insurance fund is backstopped by both the token treasury in addition to protocol cash flows.”

Is DeFi Too Nascent to Get the Hype?

Founded in 2017, bZx developed a DeFi protocol creating an ecosystem of decentralized applications (DApps), including margin trading and lending platform, wallets, and many more.

It was attacked twice in February within days that resulted in a loss of around $945,000.

Kistner also pointed out that two independent audit firms, Peckshield and Certik, failed to identify the recent critical bug.

About the Author: Arnab Shome
Arnab Shome
  • 6654 Articles
  • 102 Followers
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.

More from the Author

CryptoCurrency