Decentralized lending protocol bZx suffered two successful hacks in a matter of days that caused a loss of over 950,000. With this latest development, Decentralized finance (Defi) has taken a huge hit as the attacker was reported to have used multiple Defi protocols in his attempt.
The first bZx hack
The protocol was first compromised on February 14 when the team was at the ETHDenver industry event. Reportedly, the second attack took place on February 18.
In the first attack, the attacker used multiple Defi protocols to swap large amounts of Eth and wrapped Bitcoin (wBTC) – an asset that tracks the price of Bitcoin from the Ethereum blockchain – to manipulate the prices of the assets. In short, the attacker used 5,500 ETH to buy 112 wBTC then swapped them for 6,671 ETH, earning a profit of 1,193 ETH (around 320,000 USD).
Cryptopolitan has covered the first attack, which can be read here.
The second bZx hack
The nature of the second attack is still unclear, but a message by the operations lead Kyle Kistner suggested that the attack was made through oracle manipulation. Oracles are centralized components that provide external data to applications on the blockchain.
It was estimated that the attack caused a loss of nearly 2,400 ETH. At the current trading price, this sum is worth nearly 640,000 US dollars. Kistner claims that the team can neutralize the hack and prevent money loss as they did in the previous attack. He also promised that the whole project would shift to oracles based on the Chainlink protocol, which would make the system more secure.
Featured image by pixabay.