Decentralized finance (DeFi) lending protocol bZx, which is a fully decentralized protocol for margin lending and margin trading on the Ethereum blockchain, has recently faced two times hacks after losing totaling around $954,000. The second attack took place on Feb. 18.
Tricky way of first hacking
The attacker adopted a tricky to run his hack. He used a number of DeFi protocols to lend and exchange significant quantities of Ether and wrapped Bitcoin, WBTC, in a way that allowed him to operate the prices and profit off of a decentralized leveraged trade. 10,000 Ether (ETH) was taken as a loan by the attacker from decentralized lending protocol dYdX. The attacker sent 1300 ETH to decentralized margin trading ETH to open a 5x leveraged position on the ETH/BTC pair on bZx’s Fulcrum trading platform and also used 5,500 ETH to collateralize a 112 wrapped bitcoin loan on DeFi protocol Compound. He took 5,637 ETH as a loan through Kyber’s Uniswap and exchanged them for 51 WBTC. After making profit, the hacker returned the 10,000 ETH loan on dYdX.
The subsequent hack
How did the subsequent attack hit is yet unknown. But from a source a piece of news came to us that it was an oracle, are centralized components that provide external data to on-chain applications, manipulations attack. The attack brought a loss of 2,388 ETH. Reportedly, the term can numb the hack and prevent the loss of user funds. It is expected that bZx developers will switch to oracles based on the Chainlink protocol and maybe it would make the system safer.
The outbreak of crypto hacking
Cryptocurrency has become strived for most projects because of its decentralized nature, free from the involvement of third-party and non-reversibility of transactions. But cybercriminals are adopting dishonest means and they get to keep funds if they manage to steal them, while wire transfers could instead be reversed. Reportedly, hacking group Outlaw has been updating its toolkit for stealing enterprises’ data for approximately half a year and many other groups are also walking along the way indeed. Another report revealed saying five United States law firms have been endangered by hackers and demanded for some amount of ransoms. This situation is really untoward for any firm and these types of cybercrimes impede development of crypto. We expect relevant authorities soon take appropriate measures to clamp down these issues.