Second hack against the bZx protocol
Second hack against the bZx protocol
Security

Second hack against the bZx protocol

By Marco Cavicchioli - 18 Feb 2020

Chevron down

Yesterday the bZx protocol, the one on which Fulcrum‘s services are based, was hacked for the second time in a week. 

While the previous attack led to a profit of about $350,000 for the attacker, with a capital loss of about $620,000 for the platform, this time the loss would be about $645,000, equivalent to 2,388 ETH

bZx has again suspended the activities of its platform. 

This time the attack would appear to have been carried out by manipulating the oracle, as stated by bZx co-founder Kyle Kistner on the company’s official Telegram channel. 

According to initial analysis, the suspicious transaction took place using flash loans and trading on Synthetix, involving also sUSD, though it did not have any impact on the Synthetix system. 

The attacker opened a flash loan of 7,500 ETH, using 3,518 ETH to buy sUSDs for $1, which were later deposited in bZx as collateral. 

Another 900 ETH were used to buy sUSD on the market thanks to Kyber and Uniswap, in order to manipulate the price by raising it to more than $2. 

In this way, the attacker was able to take out a larger loan than was supposed to, because the collateral seemed to be worth more than it actually was. With this collateral, the attacker then borrowed another 6,796 ETH on bZx which was used to repay the original flash loan. 

In doing so, the hacker eventually pocketed a profit of 2,388 ETH, while the bZx pool lost about $1.8 million in ETH and the sUSD pool gained $1.1 million in ETH.

According to Compound founder Robert Leshner, the bZx team has shown that it is unable to protect user funds and should therefore immediately stop operations until the platform is fully secured. 

“Security is the ultimate priority for a financial product”. 

Marco Cavicchioli
Marco Cavicchioli

Class 1975, Marco teaches web-technologies and is an online writer specializing in cryptocurrencies. He founded ilBitcoin.news, and his YouTube channel has more than 25 thousand subscribers.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.