DeFi protocol bZx has been hacked for the third time. As a result of the attack, 219,200 LINK, 4,503 ETH, 1,756,351 USDT, 1,412,048 USDC and 667,989 DAI were lost.
The decentralized finance (DeFi) lending protocol bZx was hacked once again last night and lost $8 million due to faulty code in its smart contracts.
The bad code enabled an attacker to increase their balance of iTokens (bZx's interest-bearing tokens), The Block reported. Hours after noticing the error, bZx paused the minting and burning of iTokens; transactions later resumed with the balances corrected.
219 thousand LINK and 4 thousand 500 ETH obtained
The error allowed the hacker to generate 219,200 LINK tokens (about $2.6 million), 4,503 ETH (about $1.6 million), 1,756,351 USDT, 1,412,048 USDC, and 667,989 DAI. This corresponds to approximately $8.1 million. In its statement, bZx explained that no user funds are at risk and that the losses are covered by the insurance fund.
Marc Thalen, chief engineer at bitcoin.com, initially claimed to have detected the bug and noted that more than $20 million of bZx funds were at risk. Thalen created a loan using USDC (100 USD) to expose the error. The engineer said, “I got the iUSDC from this. I then sent the funds practically to myself by copying and creating a request for $200.”
Those who checked the protocol could not find the error
Kyle Kistner, co-founder of bZx, said: “It is difficult to understand how the two firms (Peckshield and Certik) overseeing the protocol failed to find the error. They are preparing an analysis on this situation.”
Peckshield, one of the audit firms, said, “An inspection does not guarantee to find all errors,” while Certik commented, “Safety is a journey.” Some experts suggested that bZx stop its operations and re-check its protocol, while Kistner stated that bZx security auditors do not recommend such a course of action.
Thalen was also waiting for a reward from bZx for the error. Kistner said in a statement that Thalen would receive a $12,500 reward for reporting an incident that was already under investigation.
This is the third attack!
This is the third attack bZx has experienced. In the two attacks in February, 945 thousand dollars of funds were lost.
The latest attack resulted in a sharp 70 percent drop in bZx's total value locked. Kistner, on the other hand, pointed to a possible rise by stating that nothing is certain in DeFi.
On how to regain users' trust after these attacks, Kistner said, “We want to create products and incentive structures that are so attractive that users will have to use us regardless of what they think of our brand.”