bZx, the Decentralized Finance (DeFi) lending protocol, has been exploited again. Just days after the protocol suffered a loss of $350k worth of crypto, it has been hit by a second attack that has led to the loss of an estimated 2,388 ETH. This time around, the protocol was hit using its own flash loans, which it activated just yesterday. As a result, the firm has halted its services until further notice.
In addition, bZx co-founder Kyle Kistner, through the firm’s Telegram channel, claimed that the latest attack was executed by manipulating a price oracle. The hacker is estimated to have gotten away with 2,388 ETH, worth about $645,000 at the time. However, the previous exploitation happened on the protocol’s Fulcrum platform. An estimated 2% of the total assets under management were stolen.
According to reports, the attackers capitalized on flash loans on top of another DeFi platform called Compound. Unfortunately, bZx added flash loans just yesterday, which the attacker manipulated to procure a 7,500 ETH loan. Furthermore, the trader used 3,500 ETH of that loan to purchase USD from the Synthetix depot and used it as collateral on bZx.
Indeed, bZx earlier today published a post mortem of the previous attack. The DeFi firm noted that 1,193 ETH, currently worth around $298,000, were stolen. Mindful of the latest bZx attack, the firm has paused its blockchain protocol.
bZx Integrates Chainlink to Monitor Transactions
Moving forward, after the initial attack, bZx integrated Chainlink solutions to help monitor and alert on suspicious transactions. However, according to Kistner, the process has been hastened following the second manipulation.
In conclusion, Robert Leshner, the founder of the alternative DeFi platform Compound, commented on the attack. He highlighted the significance of security in the financial sector, claiming that bZx should stop operations and be thoroughly audited. He said:
“Security is the ultimate priority for a financial product. The bZx team has repeatedly demonstrated that it isn’t capable of protecting user funds, and should immediately cease operations until the platform can be thoroughly and completely audited.”