
DeFi Lending Protocol BZx Gets HACKED for the Third Time

Investigation showed that bZx's initial source code works incorrectly when _from equals _to, which led to losses worth around 4,700 ETH.

cryptodose

Presentation Transcript


  1. DeFi Lending Protocol bZx gets HACKED for the third time

     Investigation showed that bZx's initial source code works incorrectly when _from equals _to, which led to losses worth around 4,700 ETH.

     The news that bZx, an open-source lending marketplace, had been hacked for the third time since it went live on Ethereum mainnet hit the crypto space yesterday. This is barely 7 months since the first and second time it was hacked.

     Of the latest hacking incident, bZx posted that it was due to a bug that an attacker exploited to duplicate iToken contract code, which was then used to siphon funds from the lending protocol. In the tweet, bZx said:

  2. 1/ At 3:28 AM EST we began investigating a drop in the protocol TVL. By 6:18 AM EST we confirmed that a duplication incident had occurred with several of the iTokens.

     2/ Lending and unlending was temporarily paused. The duplication method has been patched out of the iToken contract code, and the protocol has resumed normal functioning. 🙏 More details will follow!

     Anton Bukov, co-founder of 1inch.exchange, decided to dig deeper to give an independent assessment of what happened. In a tweet thread, Bukov’s investigation showed that bZx’s initial source code works incorrectly when _from equals _to. This led to the funds duplication that the bZx lending protocol had earlier given as the reason it was hacked.

     In addition to that, Bukov says he found 9 exploiting transactions on the $iETH lending token, with 101778 $iETH tokens duplicated. The total funds lost were around 4,700 ETH, which is $1.7 million at ETH’s present rate.

     bZx issues an official statement on how its lending protocol was hacked

     Hours after bZx alerted its community about the hacking incident, it published an official report on what happened. While the report quells any concerns as to the solvency of the lending protocol to cover the losses, it still corroborates Bukov’s earlier investigation. In summary, the hack was due to the bug involving the _from and _to addresses, which the hacker exploited.

     bZx’s incident report went further to show how much was added to the insurance fund to ensure nobody’s funds are affected. The following debts have been added to the insurance fund:

     ● 219,199.66 LINK
     ● 4,502.70 ETH

  3. ● 1,756,351.27 USDT
     ● 1,412,048.48 USDC
     ● 667,988.62 DAI

     Even with heavyweight smart contract security firms like Peckshield and Certik auditing bZx’s code, the hacking incidents seem to be unending. In the earlier hack incidents, losses totalling around $954,000 occurred.

     Read More: https://cryptodose.co/defi-lending-protocol-bzx-gets-hacked-for-the-third-time/
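
The _from equals _to failure described above can be reproduced in a small ledger model. This is an added example, not bZx's contract code: the class, method names and balances are constructed, and it assumes the flaw is the common pattern of reading both balances before writing either. The supply-conservation check is the kind of invariant test that catches such a bug before deployment.

```python
"""Constructed Python model of a token ledger; not bZx's contract code."""


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)

    def total(self):
        return sum(self.balances.values())

    def transfer_cached(self, _from, _to, value):
        """Flawed pattern (assumed): both balances are read before either is written."""
        from_bal = self.balances.get(_from, 0)
        to_bal = self.balances.get(_to, 0)
        if value > from_bal:
            raise ValueError("insufficient balance")
        self.balances[_from] = from_bal - value
        # When _from == _to, to_bal is stale, so this write discards the debit
        # above and credits the account with tokens that never left it.
        self.balances[_to] = to_bal + value

    def transfer_safe(self, _from, _to, value):
        """Hardened form: the recipient balance is re-read after the debit is stored."""
        from_bal = self.balances.get(_from, 0)
        if value > from_bal:
            raise ValueError("insufficient balance")
        self.balances[_from] = from_bal - value
        self.balances[_to] = self.balances.get(_to, 0) + value


def supply_drift(method_name, _from, _to, value):
    """Change in total supply caused by one transfer; 0 means supply is conserved."""
    ledger = Ledger({"alice": 100, "bob": 50})  # constructed sample balances
    before = ledger.total()
    getattr(ledger, method_name)(_from, _to, value)
    return ledger.total() - before


if __name__ == "__main__":
    # Invariant: a transfer must never change the sum of all balances.
    for method in ("transfer_cached", "transfer_safe"):
        for pair in (("alice", "bob"), ("alice", "alice")):
            print(method, pair, "supply drift:", supply_drift(method, *pair, 40))
```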
