Earlier today, reports emerged that bZx – the eighth largest DeFi protocol by Total Value Locked (TVL) was compromised and a significant amount of Ethereum (ETH) contained was lost. The bZx protocol powered Fulcrum trading platform was frozen for further activity (except for lending and unlending) and the team announced that they are investigating the matter.
However, it is important to realize the fact that while the protocol was exploited, it wasn’t “hacked” or “compromised” in any other way. The smart contract code (Fulcrum Perpetual Short ETH-WBTC) functioned as intended, it was however a “well thought out manipulation”. The price of WBTC was manipulated, using loans given by the platform, to profit later from a short position.
0/ The DeFi Score team @ConsenSysCodefi is tracking the recent @bzxHQ vulnerability. Details are still emerging, but it looks like it wasn’t a smart contract hack, but a manipulation of the @UniswapExchange market that bZX uses as an oracle.https://t.co/1LRp3xfuK6— Jordan Lyall – @ ETHDenver (@JordanLyall) February 15, 2020
What’s The bZx Protocol?
Launched in 2018 on Ethereum blockchain, bZx Protocol is a Decentralized Finance (DeFi) product which allows users to lend and trade, using margin and leverage. Its trustless and permission-less in nature. The protocol supports ETH, DAI, USDC, KNC, LINK, REP, WBTC and ZRX. Its native governance token is BZRX.
What Actually Happened On bZx?
The following information has been taken from the bZx Discord. The rogue actor first took out a 10,000 ETH ($2.7M) flash loan from dYdX (another DeFi protocol). Then invested 5,000 ETH in Compound (DeFi) and 5,000 ETH in bZx, before proceeding to borrow 112 WBTC from Compound, which was then used to short WBTC on bZx with 50/50 of the initially borrowed 10,000 ETH. The rogue actor then dumped 112 BTC on Kyber Uniswap to push down the price and profit from the short position. Pays back the original loan of 10,000 ETH to dYdX (the original contract is reported to have 1M ETH in Compound and 650K WBTC debt).
From bzx discord pic.twitter.com/D0BBPJHQtr— Kalpesh from cryptostoic.com (@KalpeshEm) February 15, 2020
The rogue actor was earlier reported to have made 350K USD profit, however bZx team reported that the determination of the actual loss is not possible at this time because of the comprehensive and complex nature of the transaction and manipulation vector.
1/ Due to the complexity of the transaction, providing a comprehensive accounting of the losses will require additional time. This was not a simple Uniswap attack, and we do not use Uniswap as an oracle.— bZx (@bzxHQ) February 15, 2020
All Funds Are Safe, No Lender Affected
bZx team announced that they are working on a fix (contract upgrade) after the exploit and will deploy it soon to secure the protocol against such attacks in the future. The Fulcrum network will be back online soon.
6/ We are adding additional measures to ensure that this does not happen again, which will be documented in the post-mortem. Fulcrum will be coming back online 10:30pm MST. Thank you for your patience and your support. It means so much to us.— bZx (@bzxHQ) February 15, 2020
It was also reported that all users have zero losses. Since, from the perspective of the protocol, someone took out a loan, which is like any other. There is currently 600K WBTC left as collateral by the rough actor, which will be used by bZx team to stream interest and provide exit liquidity to existing iETH holders.
Funds are SAFU:
1/*All users have ZERO losses*. Last night there was a widely reported attack that took place against our protocol. From the perspective of the protocol, someone simply took out a loan. From the perspective of the lender, this loan is like any other.— bZx (@bzxHQ) February 15, 2020
The bZx protocol’s official twitter account further announced that no lender will be affected by the attack so as long as the borrowing is permanent and the borrower is ensured to pay interest (currently paying high interest to lenders), the lending pool will continue to remain healthy.
2/ The liquidity conditions for ETH lenders is exactly the same as for any other pool. The loan pays interest just like any other loan. In fact, it is currently paying lenders a very high interest rate. As long as it is a permanent borrower, it is a great boon to lenders.— bZx (@bzxHQ) February 15, 2020
In order to support and motivate the CryptoTicker team, especially in times of Corona, to continue to deliver good content, we would like to ask you to donate a small amount. Independent journalism can only survive if we stick together as a society. Thank you
Nexo - Your Crypto Banking Account
Instant Crypto Credit Lines™ from only 5.9% APR. Earn up to 8% interest per year on your Stablecoins, USD, EUR & GBP. $100 million custodial insurance.
It is super easy to buy Ethereum. Just take a look at our exchange comparison!
This post may contain promotional links that help us fund the site. When you click on the links, we receive a commission - but the prices do not change for you! :)
Disclaimer: The authors of this website may have invested in crypto currencies themselves. They are not financial advisors and only express their opinions. Anyone considering investing in crypto currencies should be well informed about these high-risk assets.
Trading with financial products, especially with CFDs involves a high level of risk and is therefore not suitable for security-conscious investors. CFDs are complex instruments and carry a high risk of losing money quickly through leverage. Be aware that most private Investors lose money, if they decide to trade CFDs. Any type of trading and speculation in financial products that can produce an unusually high return is also associated with increased risk to lose money. Note that past gains are no guarantee of positive results in the future.
You might also like
More from Blockchain
Enjin Incentivized Agents Based Envoy Program Goes Live
It has already been a busy year for the Enjin team and the progress continues with the announcement of the …
OMG Network Plasma L2 Scales Ethereum To Thousands Of TPS
The OMG network announced on Jun 1 that its Plasma Layer 2 scaling solution for Ethereum has gone online on …
Balancer Pools Get Drained Off $500K Through STA Exploit, Team Reimburses
In a black day for Decentralized Finance (DeFi), two Balancer pools got drained off at least $500,000 through an exploit …