Attackers Breach Into DeFi Lending Protocol bZx, Lost Around $8 Million

Jyoti  |  Sep 14, 2020

Once again the decentralized lending (DeFi) protocol bZx was compromised by the hacker and lost around $8 million in cryptocurrency.

The smart contract of the lending protocol has faulty code with the help of which the hacker was able to breach into bZx and steal around $8 million in cryptocurrency.

Duplicate iTokens Balance

As per the report, the attacker used the bug, which appeared in the form of faulty code in the protocol, to duplicate their iTokens balance, bZx interest-bearing token.

Although the bug remained in the system for a few hours, the hacker was still able to make damage. 

When the bZx team gets to know about this the bug in their protocol they stopped creating iTokens.

On the same day, as soon as the problem was fixed and the balance duplication was corrected, the DeFi lending protocol again started its services.

When the hacker breach into bZx's protocol, he mint 219,200 LINK tokens, 4503 ETH, 1,756,351 USDT, 1,412,048 USDC and 668,989 DAI. Currently, the total worth of these minted is $8.1 million.

bZx To Recover Loss Through Insurance Funds

While notifying about the recent bug into its protocol, bZx stated that it would insurance funds to cover all the losses.

The lead engineer at, Marc Thalen, was the first person who discovered the bug in the protocol. He tried to use the bug and even created a loan using USDC.

Further Thalen stated, “From this I retrieved iUSDC. I then sent this to myself practically duplicating the funds. I then created a claim for 200 USD.”

Recently, while talking about the faulty code, the founder of bZx Kyle Kistner stated that he was not able to understand how Peckshield and Certik, the two audit firms of the lending protocol, could identify the bug in their protocol. 

Kistner has mentioned that presently, both firms are trying to find out the internal root cause of this bug. 

Articles You May Read

    Related News