A DeFi setback at ETHDenver saw bZx's Fulcrum protocol exploited afresh. bZx, a decentralized finance (DeFi) project, was hacked during its ETHDenver presentation yesterday. The attacker hacked various DeFi protocols simultaneously and stole three hundred fifty thousand dollars ($350K) from bZx. The amount represents around two percent of its total assets.
The attack involved the bZx Fulcrum protocol, which the company later shut down in response to the hack. The vulnerability the hacker used to extract the cash from the protocol was bZx's pricing oracle. According to sources, the company employed just one oracle for pricing purposes.
bZx Fulcrum protocol vulnerable to exploits
ETHDenver was underway when bZx was hacked, causing further embarrassment to the firm. The bZx team also had to address the ETHDenver Hackathon community. The company has not yet returned to the event. Additionally, it confirmed the hack on its official Twitter handle and announced compensation to the lenders.
The current DeFi setback is symptomatic of the vulnerabilities that are coming to the fore in the industry. Sergey Nazarov, the CEO of Chainlink, classified the hack as part of the rising trend involving price information-sourcing attacks. Services gathering price information using a single oracle and publishing on-chain price data are vulnerable to attacks. DeFi teams across the board are suffering from such hacks and working vigorously to resolve the issue.
Issues in DeFi need immediate solutions
Developer teams should not wait for an epic DeFi setback before searching for a solution. Most firms rely on a single oracle-exchange connection in the Fulcrum protocol. The bZx hack represents the novelty and risks associated with flash loans. Flash loans are given to traders for an extremely short duration, and the hacker used this feature in his exploit.
The hacker took a flash loan of ten thousand ETH, which he then split into two parts. Next, he went short on Wrapped Bitcoin, selling it on Uniswap. bZx derives its price information from Uniswap, which made the short extremely profitable. This has raised the question of whether a particular DeFi setback is significant enough to set the trend for industry-wide improvements.
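An added example, not code from bZx, Uniswap or Chainlink: a Python sketch of why a price read from a single constant-product pool follows one large trade, next to a median-of-sources check that flags the outlier and refuses to price when sources disagree. The pool model (fees ignored), the function names, the feed names and all reserve and price values are constructed for illustration.

```python
from statistics import median


class ConstantProductPool:
    """Toy x*y=k pool, fees ignored. Hypothetical model, constructed reserves."""

    def __init__(self, base_reserve, quote_reserve):
        self.base = float(base_reserve)    # e.g. WBTC held by the pool
        self.quote = float(quote_reserve)  # e.g. ETH held by the pool

    def spot_price(self):
        # Quote units per base unit, read straight from current reserves.
        return self.quote / self.base

    def sell_base(self, amount):
        # A sale adds base and removes quote so that base * quote stays constant.
        k = self.base * self.quote
        self.base += amount
        self.quote = k / self.base


def aggregated_price(quotes, tolerance=0.05, quorum=2):
    """Median of independent sources; refuse to price without a quorum.

    Returns (price, outliers), where outliers are the sources further than
    `tolerance` (as a fraction) from the median.
    """
    mid = median(quotes.values())
    agreeing = [n for n, p in quotes.items() if abs(p - mid) / mid <= tolerance]
    if len(agreeing) < quorum:
        raise ValueError("price sources disagree; refusing to price")
    return mid, sorted(set(quotes) - set(agreeing))


def run_example():
    pool = ConstantProductPool(base_reserve=100, quote_reserve=4000)
    before = pool.spot_price()
    pool.sell_base(100)        # one large sale inside a single transaction
    after = pool.spot_price()  # what a single-source consumer now reads
    # Constructed quotes from two other, independent sources.
    quotes = {"pool": after, "feed_a": 40.2, "feed_b": 39.9}
    price, outliers = aggregated_price(quotes)
    return {"before": before, "single_source": after,
            "aggregated": price, "outliers": outliers}


if __name__ == "__main__":
    print(run_example())
```

The single-source reading drops with the pool's reserves, while the median stays with the two agreeing feeds and reports the pool as the outlier.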