DeFi protocol bZx victim of an exploit


The DeFi protocol bZx was the victim of an exploit in which attackers stole 3,300 ETH from the project's smart contract. The Fulcrum trading platform was temporarily closed as a result.

On the morning of February 15th there was an unpleasant surprise for users of the DeFi lending protocol bZx: The team behind the protocol wrote a short tweet:

The details followed, and they were more uncomfortable. Overnight, attackers were able to exploit a security gap in the DeFi project's smart contracts and steal 3,300 ETH. At the current ether exchange rate, this corresponds to a total of almost $880,000.

The governance of bZx acted promptly and closed the trading platform Fulcrum until further notice. Lending was also paused, and the smart contract behind bZx was updated. So it looks like the problem has been fixed.


But what exactly happened? The developer Julien Bouteloup presented this quite clearly in a tweet:

1/ Due to the complexity of the transaction, providing a comprehensive accounting of the losses will require additional time. This was not a simple Uniswap attack, and we do not use Uniswap as an oracle.

The attack was interesting overall because it combined several interlocking instruments from decentralized finance. The attackers took out a so-called flash loan of 10,000 ETH via the DeFi platform dYdX. They used 5,000 ETH on Compound to borrow 112 wBTC (ERC-20 tokens backed by Bitcoin). On bZx they then shorted Bitcoin with a leverage of 5. Finally, they sold the 112 wBTC on the DEX Kyber. The wBTC markets are known for their low liquidity, so this sale caused the wBTC price in terms of ETH to fall dramatically.

With the proceeds, the attackers were not only able to repay the flash loan but also made a large profit. What's interesting is that the whole attack happened in a single transaction and didn't even cost $10 in transaction fees.
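The effect of low liquidity described above can be made concrete with a small model. This is an added illustration, not code from the original post or from bZx: it shows how the same 112 wBTC sale moves the price in a shallow versus a deep pool, and how a price-deviation guard against an independent reference would treat each result. Assumptions: a fee-free constant-product (x*y=k) pool, constructed reserves, and a constructed reference price and 5% tolerance.

```python
from fractions import Fraction

def spot_price(base_reserve, quote_reserve):
    """Quote units (ETH) per base unit (wBTC) in a constant-product pool."""
    return Fraction(quote_reserve) / Fraction(base_reserve)

def sell_base(base_reserve, quote_reserve, amount_in):
    """Sell amount_in base units into an x*y=k pool (fees ignored).
    Returns (quote_received, new_base_reserve, new_quote_reserve)."""
    base, quote = Fraction(base_reserve), Fraction(quote_reserve)
    new_base = base + amount_in
    new_quote = base * quote / new_base  # invariant k = base * quote is preserved
    return quote - new_quote, new_base, new_quote

def price_impact(base_reserve, quote_reserve, amount_in):
    """Fractional drop in spot price caused by the sale."""
    before = spot_price(base_reserve, quote_reserve)
    _, new_base, new_quote = sell_base(base_reserve, quote_reserve, amount_in)
    return 1 - spot_price(new_base, new_quote) / before

def price_is_trustworthy(observed, reference, max_deviation):
    """Guard: accept an observed price only if it is within
    max_deviation (a fraction) of an independent reference price."""
    return abs(Fraction(observed) - reference) / reference <= max_deviation

# Constructed sample pools, both starting at 38 ETH per wBTC (not real market data).
SHALLOW = (200, 7_600)
DEEP = (20_000, 760_000)
SALE = 112                        # wBTC sold, the figure given in the article
REFERENCE = Fraction(38)          # assumed independent reference price
MAX_DEVIATION = Fraction(5, 100)  # assumed 5% tolerance

def post_sale_price_accepted(pool):
    """Would the guard still accept the pool's price after the sale?"""
    _, new_base, new_quote = sell_base(*pool, SALE)
    return price_is_trustworthy(spot_price(new_base, new_quote),
                                REFERENCE, MAX_DEVIATION)

if __name__ == "__main__":
    for name, pool in (("shallow", SHALLOW), ("deep", DEEP)):
        impact = float(price_impact(*pool, SALE))
        verdict = "accepted" if post_sale_price_accepted(pool) else "rejected"
        print(f"{name}: price impact {impact:.1%}, post-sale price {verdict}")
```
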

Systems of the bZx users are safe

The developers at bZx finally emphasized that the users' systems would continue to be safe. According to the team behind bZx, these systems were not touched. In fact, the attack has even paid off for those who lend ether, as the attack has currently changed the rate of interest for Ethereum. Accordingly, the team advises you to keep calm.

According to defipulse, bZx is still the eighth largest decentralized finance project even after the attack. Accordingly, this exploit made waves. Critics of the DeFi ecosystem saw their concerns confirmed in the attack, especially in the pause of the smart contract behind bZx. Alex Bosworth, Infrastructure Lead at Lightning Labs, saw an example of how little decentralized DeFi projects actually are:

If your “defi” project has an admin key or a coordinator, a set of oracles, a group of validators or cosigners, a default trusted keys list, even if you “have plans to phase it out”, what you are actually doing is running a financial service. In other words you actually have no d

But friends of projects like MakerDAO or bZx also pointed out the inherent risks in the DeFi ecosystem. Bosworth also emphasized that this type of attack was already known. In September 2019, Sam Sun, a smart contract auditor, pointed out a similar security vulnerability. Unfortunately, too little was apparently done to close the vulnerability.

What does the bZx exploit mean for DeFi?

First of all, as with all investments in the crypto sector, investors should not underestimate the risk. Nobody should invest more money than they can lose. This is not simply due to the volatility of Bitcoin & Co., but also due to possible uncertainties. However, decentralized finance has other special features. DeFi projects, unlike their centralized counterparts, are somewhat more transparent thanks to their decentralization, but the phrase "Not your keys, not your coins" applies here too. The administrators of a large number of DeFi projects have special access and can thus exercise control over the underlying smart contracts. It remains to be seen how decentralized projects like bZx will be in the future. Until then, everyone interested in DeFi has to carry out strict risk management. A good start for this is the overview compiled by DeFi expert Chris Blec.
