DeFi Platform bZx Attacked Again, 2388 ETH Siphoned by Hacker
Decentralized Finance (DeFi) lending platform bZx has reportedly suffered another attack with the hacker making off with a profit of 2,378 ETH (about $645,000).
bZx Hits Pause Following Suspected Attack
In a tweet published on Tuesday (February 18, 2020), bZx acknowledged suspicious transactions involving flash loans. The suspected attack comes only days after a similar exploit saw a rogue agent making off with $350,000.
While the previous attack involved shorting of wrapped Bitcoin (WBTC), the latest exploit used a flash loan to manipulate the price of sUSD on the Synthetix trading platform. Below is a summary of the attack as provided by a crypto analyst on Twitter:
- Attacker borrowed 7,500 ETH — flash loan
- The attacker then used 3,518 ETH to purchase sUSD at $1 per sUSD ‘coin’
- Deposited the 3,518 ETH worth of sUSD into bZx as collateral
- Of the remaining 3, 982 ETH from the original flash loan, the attacker placed 900 ETH placed an sUSD buy order on Kyber, manipulating its price to above $2, subsequently reaching about $2.3
- With sUSD propped up, the attacker obtained a 6,796 ETH loan from bZx
- Paid back the original 7,500 ETH flash loan
- The attacker left with a profit of 2,378 ETH
In the previous attack, bZx assured lenders that their funds were safe, even releasing a detailed post-mortem of the exploit on Monday. Some reports indicate that the bZx pool might have lost close to the $2 million as a result of the latest manipulation.
What Next for bZx and DeFi Lending?
Due to the latest attack on its platform, bZx says it has decided to pause its smart contract protocol. The DeFi platform lending service is also trying to expedite its rollout of the ChainLink oracle protocol which could prevent such malicious exploits in the future.
The attacks have also brought the matter of flash loans into sharp relief with opinions split over whether exploiting the market amounts to a hack or simply a savvy trading strategy. According to crypto economist Alex Krüger, these “attacks” are simply people understanding how flash loans work and using it to their advantage.
As for the issue of liquidity concerns, some crypto pundits say such attacks will force the market to mature as the cost of arbitrage moves closer to a minimum value but more robust price oracles will have to emerge first.