Thursday, November 26, 2020
No menu items!
  • News
  • Cryptocurrency
  • Contact Us
More

    bZx Loses Over $8 Million of User Deposits In Another Major Hack

    Must Read

    Santiment: XRP Is Set To Surpass Ethereum in a Key Metric Maintained By ETH for Seven Months

    The cryptocurrency intelligence platform, Santiment, has indicated that the third-largest cryptocurrency by market cap, XRP, is set to surpass...

    Binance Announces Support for Spark Tokens Airdrop Planned By Flare for XRP Investors

    Binance, the arguably largest cryptocurrency exchange by trading volume, has announced the support for Spark tokens airdrop planned by...

    Ethereum 2.0 Now Ready To Go Live On 1st December with Over 700,000 ETH Deposits

    Over the past two days, there has been a remarkable increase in the commitment of the Ethereum community towards...
    Avatar
    Solomon Odunayo
    Solomon has a growing passion for writing, this propelled him to keenly work on Eagles News Media for about two years before delving into the cryptocurrency and Blockchain industry he finds more interesting. He worked as a crypto Journalist and Editor at NewsLogical before joining Herald Sheets, owing to the priceless experience he has accumulated since he became a contributor in the crypto community.




    bZx, a decentralized finance lending protocol, has been hit with another major hack, losing over $8 million in user deposits in the process, a sum that is equivalent to 30% of its Total Value Locked. This came a few months after bZx lost over $954,000 in two similar attacks.

    A couple of hours ago, the DeFi lending protocol shared an update on Twitter after a huge drop in TVL was noticed by its developers:

    “At 3:28 AM EST we began investigating a drop in the protocol TVL. By 6:18 AM EST we confirmed that a duplication incident had occurred with several of the iTokens.

    “Lending and unlending was temporarily paused. The duplication method has been patched out of the iToken contract code, and the protocol has resumed normal functioning.”

    Although lending and unlending were halted and iToken contract code was patched up, the hacker had already leveraged the bug to cart away with relatively $8 million in user deposits.

    In a follow-up report, bZx stated that the duplication bug that opened the door for the said exploit was patched up as soon as it was audited by the two prominent security firms in the crypto ecosystem, Peckshield and Certik.

    Also, for clarification, bZx pointed out that “No funds are currently at risk. Those funds outlined have been debited against our insurance fund. Nobody currently using the protocol is in danger.”

    Reactions of Some Industry Experts

    According to Lead Engineer at Bitcoin.com, Marc Thelan, the team of developers behind the decentralized finance (DeFi) lending protocol were likely too slow to deal with the problem.

    In a series of tweets, he noted:

    “Last night I found an exploit in BRZX. I noticed that a user were capable of duplicating “i tokens”. There was 20+ million $ at risk. I informed the team telling them to stop the protocol and explained the exploit to them. At this point none of the founders were up..

    “I tried the exploit out. I created a loan using USDC (100 USD). From this I retrieved iUSDC. I then sent this to myself practically duplicating the funds. I then created a claim for 200 USD.

    “After a while the admin I was talking to told me that he finally got a hold of the team and was passing the info I was giving them through to them. At this point the attacker I noticed had drained substantial amounts of Dai and USDC.

    “BzX did an emergency stop and paused the contracts. I am currently awaiting my bounty as it has to go through “independent board” who will decide if it will be granted to me. Since BRZX already made a post mortem report on this I figured it share here what actually happened.

    “I am highly convinced that the complete pool could have been drained if the attacker had a bit more time.

    The reason I am tweeting this is not to slander BZX but far too often teams do not pay out their bounties even though in this scenario the amount at risk was very substantial. (Will update here when I hear more about my bounty claim).”

    Despite the display of vulnerability, some still came in defense of bZx. According to the founder of Aave Protocol, Stani Kulechov, “bZx incident recently showed that it’s easier forked than done. They had multiple audits, formal verification and took substantial time before coming back to main-net and yet all the diligence does not guarantee safety. Something that every DeFi user should understand.”

    Join us on Twitter

    Join us on Telegram

    Join us on Facebook




    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here

    Latest News

    Santiment: XRP Is Set To Surpass Ethereum in a Key Metric Maintained By ETH for Seven Months

    The cryptocurrency intelligence platform, Santiment, has indicated that the third-largest cryptocurrency by market cap, XRP, is set to surpass...

    Binance Announces Support for Spark Tokens Airdrop Planned By Flare for XRP Investors

    Binance, the arguably largest cryptocurrency exchange by trading volume, has announced the support for Spark tokens airdrop planned by Flare Network for the XRP...

    Ethereum 2.0 Now Ready To Go Live On 1st December with Over 700,000 ETH Deposits

    Over the past two days, there has been a remarkable increase in the commitment of the Ethereum community towards the launch of ETH 2.0...

    CipherTrace Is Determined To Unravel Monero (XMR) Transactions Obscurity

    CipherTrace, a blockchain analytics firm, is developing tools to track the transactions of the world’s largest privacy token, Monero (XMR). And in less than...

    XRP Surged Over 130% in the Last Week, Far Outpacing BTC and ETH –Forbes Explains Why

    The Ripple’s digital token XRP has been exhibiting a price uprising over the last week. It has significantly outpaced the surging trend of the...

    More Articles Like This