Wednesday, September 23, 2020

    bZx Loses Over $8 Million of User Deposits In Another Major Hack

    Solomon Odunayo
    Solomon has a growing passion for writing, which propelled him to work keenly at Eagles News Media for about two years before delving into the cryptocurrency and blockchain industry, which he finds more interesting. He worked as a crypto journalist and editor at NewsLogical before joining Herald Sheets, owing to the priceless experience he has accumulated since he became a contributor in the crypto community.




    bZx, a decentralized finance lending protocol, has been hit with another major hack, losing over $8 million in user deposits in the process, a sum that is equivalent to 30% of its Total Value Locked. This came a few months after bZx lost over $954,000 in two similar attacks.

    A couple of hours ago, the DeFi lending protocol shared an update on Twitter after a huge drop in TVL was noticed by its developers:

    “At 3:28 AM EST we began investigating a drop in the protocol TVL. By 6:18 AM EST we confirmed that a duplication incident had occurred with several of the iTokens.

    “Lending and unlending was temporarily paused. The duplication method has been patched out of the iToken contract code, and the protocol has resumed normal functioning.”

    Although lending and unlending were halted and the iToken contract code was patched, the hacker had already used the bug to make off with about $8 million in user deposits.

    In a follow-up report, bZx stated that the duplication bug that opened the door for the exploit was patched as soon as it was audited by two prominent security firms in the crypto ecosystem, PeckShield and CertiK.

    Also, for clarification, bZx pointed out that “No funds are currently at risk. Those funds outlined have been debited against our insurance fund. Nobody currently using the protocol is in danger.”

    Reactions of Some Industry Experts

    According to Lead Engineer at Bitcoin.com, Marc Thelan, the team of developers behind the decentralized finance (DeFi) lending protocol were likely too slow to deal with the problem.

    In a series of tweets, he noted:

    “Last night I found an exploit in BRZX. I noticed that a user was capable of duplicating “i tokens”. There was 20+ million $ at risk. I informed the team telling them to stop the protocol and explained the exploit to them. At this point none of the founders were up.

    “I tried the exploit out. I created a loan using USDC (100 USD). From this I retrieved iUSDC. I then sent this to myself practically duplicating the funds. I then created a claim for 200 USD.

    “After a while the admin I was talking to told me that he finally got a hold of the team and was passing the info I was giving them through to them. At this point the attacker I noticed had drained substantial amounts of Dai and USDC.

    “BzX did an emergency stop and paused the contracts. I am currently awaiting my bounty as it has to go through “independent board” who will decide if it will be granted to me. Since BRZX already made a post mortem report on this I figured it share here what actually happened.

    “I am highly convinced that the complete pool could have been drained if the attacker had a bit more time.

    The reason I am tweeting this is not to slander BZX but far too often teams do not pay out their bounties even though in this scenario the amount at risk was very substantial. (Will update here when I hear more about my bounty claim).”

    Despite the vulnerability, some still came to bZx's defense. According to the founder of Aave Protocol, Stani Kulechov, “bZx incident recently showed that it’s easier forked than done. They had multiple audits, formal verification and took substantial time before coming back to main-net and yet all the diligence does not guarantee safety. Something that every DeFi user should understand.”
