DeFi platform bZx exploited for $8.1 million

The DeFi platform bZx was exploited for $8.1 million on Sunday, September 13th; this is the third time this year that bZx has been exploited.

How the bZx exploit happened

The bZx team noticed the exploit when a single withdrawal caused a significant drop in the protocol's Total Value Locked (TVL). They then traced it to a bug in the protocol that let the platform be tricked into minting unbacked iTokens (bZx's interest-accumulating tokens). The bug allowed the attacker to duplicate their tokens: unbacked iTokens were minted into their account and then redeemed for the underlying assets, draining 219,199.66 LINK, 4,502.70 ETH, 1,756,351.27 USDT, 1,412,048.48 USDC, and 667,988.62 DAI from bZx.
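The article does not spell out how the duplication worked, so the following is an added illustration, not bZx's code: a toy iToken-style ledger in Python whose transfer reads both balances before writing either, so that a self-transfer leaves the account with its original balance plus the transferred amount (one common way a token ledger ends up with more tokens than backing; assuming this mechanism is an assumption made for the example). The fixed transfer sits beside it, and an invariant check of the kind a protocol or monitor could run (sum of balances equals recorded supply, supply never exceeds backing) shows how the unbacked tokens would have been caught before the withdrawal. The accounts, amounts and the 10% TVL-drop threshold are constructed.

```python
"""Toy interest-bearing token ledger (constructed example, not bZx's code).

Shows a balance-update bug that lets an account duplicate its own tokens,
the corrected transfer, and invariant checks that expose unbacked supply.
"""
from dataclasses import dataclass, field


@dataclass
class Ledger:
    balances: dict = field(default_factory=dict)
    total_supply: int = 0   # iTokens the protocol believes exist
    backing: int = 0        # underlying assets actually held

    def mint(self, account: str, amount: int) -> None:
        """Deposit underlying and mint iTokens 1:1 (no interest, to keep it simple)."""
        self.backing += amount
        self.total_supply += amount
        self.balances[account] = self.balances.get(account, 0) + amount

    def burn(self, account: str, amount: int) -> int:
        """Redeem iTokens for underlying; returns the amount withdrawn."""
        if self.balances.get(account, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[account] -= amount
        self.total_supply -= amount
        self.backing -= amount
        return amount

    def transfer_buggy(self, src: str, dst: str, amount: int) -> None:
        """BUG: both balances are read before either is written. When src == dst
        the second write overwrites the first, so the account keeps its
        original balance *and* receives the transferred amount."""
        src_bal = self.balances.get(src, 0)
        dst_bal = self.balances.get(dst, 0)
        if src_bal < amount:
            raise ValueError("insufficient balance")
        self.balances[src] = src_bal - amount
        self.balances[dst] = dst_bal + amount

    def transfer_fixed(self, src: str, dst: str, amount: int) -> None:
        """Fixed: a self-transfer is a no-op, and every write uses the current value."""
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        if src == dst:
            return
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def invariants_hold(self) -> bool:
        """Every iToken must be accounted for and backed by deposits."""
        return (sum(self.balances.values()) == self.total_supply
                and self.total_supply <= self.backing)


def large_withdrawal(tvl_before: int, amount: int, threshold: float = 0.10) -> bool:
    """Monitor rule: flag any single withdrawal that removes more than
    `threshold` of TVL. Threshold is a constructed value for the example."""
    return amount / tvl_before > threshold


def duplication_scenario(fixed: bool) -> dict:
    """Run the same self-transfer against the buggy or fixed ledger and report
    what an attacker gains and what the checks would have seen."""
    ledger = Ledger()
    ledger.mint("alice", 1000)     # honest depositor (constructed)
    ledger.mint("mallory", 100)    # attacker's own deposit (constructed)
    transfer = ledger.transfer_fixed if fixed else ledger.transfer_buggy
    transfer("mallory", "mallory", 100)          # the self-transfer
    after_transfer = ledger.balances["mallory"]
    invariant_ok = ledger.invariants_hold()      # would a supply check catch it?
    tvl_before = ledger.backing
    withdrawn = ledger.burn("mallory", after_transfer)
    return {
        "mallory_after_transfer": after_transfer,
        "invariant_ok": invariant_ok,
        "flagged": large_withdrawal(tvl_before, withdrawn),
        "alice_unbacked": ledger.balances["alice"] > ledger.backing,
    }


if __name__ == "__main__":
    print("buggy:", duplication_scenario(fixed=False))
    print("fixed:", duplication_scenario(fixed=True))
```

In the buggy run Mallory's 100 becomes 200 after the self-transfer, the supply invariant already fails before any withdrawal, and the redemption of 200 both trips the TVL-drop rule and leaves Alice's 1000 iTokens backed by only 900 of underlying. The fixed ledger leaves every check green. Either of the two invariant checks, run in the contract or by an off-chain monitor, would have surfaced the problem at the transfer rather than at the withdrawal.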

Upon noticing the exploit, the bZx team paused minting and burning of iTokens, and resumed those operations once the bug had been patched. The loss was covered from the protocol's insurance fund.

How did the bug go unnoticed?

Hours before the exploit took place, Marc Thalen, lead engineer at warned the bZx team of the attack vector. 

At the time, all members of the bZx team were asleep, and by the time they woke up, the bug that Thalen warned about had been exploited by the attacker.

This is the third time this year that bZx has been exploited. In February, bZx was exploited twice, for roughly $350,000 and $650,000 (both in ETH).

In none of these incidents were bZx's keys or infrastructure compromised. Instead, someone with a strong understanding of how the bZx protocol worked took advantage of flaws in its logic to extract hundreds of thousands, and now millions, of dollars for themselves.

This makes it a good time to remind you that the entire DeFi ecosystem is built on shaky ground. bZx had an insurance fund and was able to cover its losses, but not every DeFi platform does. Several DeFi exploits have taken place this year, and we are beginning to see DeFi token projects exit scam and pull the rug on their ecosystems. When it comes to DeFi, proceed with caution, and if you don't understand how an investment works, don't invest at all.

