DeFi Lending Protocol ‘bZx’ Suffers Another Cyber Attack

The decentralized finance (DeFi) lending platform bZx has been attacked again.

The estimated loss this time is 2,388 ETH, i.e., almost $645,000. Kyle Kistner, the bZx co-founder, stated in the company’s official Telegram channel, “This attack appears to be an oracle manipulation attack.”

Market observers are pointing to this transaction as the suspicious one behind the most recent cyber attack.

Kistner said –

“We can neutralize this like we did last time.”

Earlier yesterday, bZx published a post-mortem of the initial attack, saying that 1,193 ETH, currently worth around $298,000, was lost.

In light of the latest suspicious transaction, bZx has again paused its protocol. The transaction is said to have used flash loans and trading on Synthetix. bZx tweeted yesterday, “It doesn’t impact the Synthetix system though it did involve sUSD.”

What About the Mechanism?

Here is the apparent mechanism of the cyber attack:

An attacker took out a flash loan of 7,500 ETH, purchased 3,518 ETH worth of sUSD at close to $1, and then deposited it with bZx as collateral. They then used 900 ETH to market buy sUSD on Uniswap and Kyber, thereby driving the price of sUSD to more than $2.

This allowed the attacker to take out a larger loan than they should have been able to, because the collateral appeared to be worth more than it was. With this collateral, the attacker then borrowed another 6,796 ETH on bZx and used it to repay the first flash loan. In the end, the attacker made 2,388 ETH in profit, worth around $645,000. The bZx ETH pool lost about $1.8 million while the sUSD pool gained $1.1 million.
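The valuation problem described above, seen from the lender's side, as an added example that is not bZx code: the same sUSD collateral is priced once by a spot-price oracle and once by an oracle that takes the median of recent observations and refuses to quote after a sudden jump. The price series, the 10% threshold and all function names are assumptions made for this illustration; only the ETH and USD figures come from the article.

```python
from statistics import median

# Figures from the article: 2,388 ETH was worth about $645,000, and the
# collateral was sUSD bought at about $1 with 3,518 ETH.
ETH_USD = 645_000 / 2_388
COLLATERAL_SUSD = 3_518 * ETH_USD / 1.00

# Constructed sUSD/USD price observations, oldest first (not real market data).
CALM = [1.00, 1.01, 0.99, 1.00, 1.00, 1.01]
MANIPULATED = [1.00, 1.01, 0.99, 1.00, 1.00, 2.00]


class PriceDeviation(Exception):
    """Latest price is too far from the recent reference to be trusted."""


def spot_price(observations):
    """Weak oracle: trusts whatever the most recent trade printed."""
    return observations[-1]


def guarded_price(observations, max_deviation=0.10):
    """Hardened oracle: median of the window, refusing to quote on a sudden jump.

    max_deviation is an assumed threshold for this example.
    """
    reference = median(observations)
    latest = observations[-1]
    if abs(latest - reference) / reference > max_deviation:
        raise PriceDeviation(f"latest {latest:.2f} vs reference {reference:.2f}")
    # Value collateral conservatively: never above the reference.
    return min(latest, reference)


def collateral_value_eth(observations, oracle):
    """ETH value the lender assigns to the sUSD collateral under a given oracle."""
    return COLLATERAL_SUSD * oracle(observations) / ETH_USD


if __name__ == "__main__":
    print(f"spot oracle, manipulated: {collateral_value_eth(MANIPULATED, spot_price):,.0f} ETH")
    print(f"guarded oracle, calm:     {collateral_value_eth(CALM, guarded_price):,.0f} ETH")
    try:
        collateral_value_eth(MANIPULATED, guarded_price)
    except PriceDeviation as exc:
        print(f"guarded oracle, manipulated: lending refused ({exc})")
```

With the spot oracle the collateral is valued at twice what was paid for it, which is enough to cover the 6,796 ETH loan the article mentions; the guarded oracle stops lending against that price instead.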

Robert Leshner, founder of competing Decentralized Finance (DeFi) lending protocol Compound, stated –

“Security is the ultimate priority for a financial product. The bZx team has repeatedly demonstrated that it isn’t capable of protecting user funds, and should immediately cease operations until the platform can be thoroughly and completely audited.”