DeFi Protocol bZx Loses $1.7M in Latest Security Exploit; BZRX Tanks 40%

coinfomania.com 2020-09-14 09:23

Decentralized finance (DeFi) protocol bZx was on the receiving end of another security exploit this weekend, with the team confirming the loss of 4761 ETH ($1.72 million).

The loss resulted from a bug that allowed hackers to duplicate several iTokens on the platform before eventually cashing out. The team says it has patched the duplication method out of the iToken contract code, and the protocol has resumed normal functioning.

⚠️ 📢 UPDATE:

1/ At 3:28 AM EST we began investigating a drop in the protocol TVL. By 6:18 AM EST we confirmed that a duplication incident had occurred with several of the iTokens.

— bZx (@bZxHQ) September 13, 2020

1inch.exchange co-founder Anton Bukov spotted the nine transactions in which the hacker duplicated 101,778 $iETH tokens (worth 4761 ETH) and moved them to a new ETH address. The funds had yet to move at the time of reporting.

Meanwhile, the team has made affected users whole from its insurance fund, meaning that “the debt will be wiped clean and the protocol will move forward unimpeded.”

But the latest exploit may worry onlookers, since it follows two earlier audits of the bZx protocol. As stated by the team in a postmortem report, audits are not “silver bullets” to shield the protocol from such incidents.

Leading security firms PeckShield (which audited the Multi-Collateral DAI (MCD) contracts for MakerDAO) and CertiK have audited the bZx protocol in the wake of other security breaches this year.

BZRX drops 40%

While the team has promised to reimburse affected users, holders of the project’s native token, BZRX, still have to contend with a 40% drop in the token’s value following the incident this week. At the time of writing, BZRX traded at $0.43, with a market cap of $62.4 million.

Data from DeFi Pulse also shows that some 979.3 ETH (approx. $495,000) is still locked in the protocol, in stark contrast to the start of September, when $2.3 million worth of tokens were locked in.

Undoubtedly, security exploits such as the latest on bZx echo the recent remarks by Ethereum co-founder Vitalik Buterin that people are underestimating DeFi risks.
