bZx, a decentralized finance (DeFi) protocol on Ethereum (ETH) network, has been hacked again, losing an estimated amount of 2,388 Ethers worth around $645,000.
“This attack appears to be an oracle manipulation attack,” Kyle Kistner, co-founder of the platform, wrote on its official Telegram channel.
This is the second attack on the DeFi platform in a span of four days as the first attack the hackers managed to siphon 1,193 Ethers with a market value of almost $322,000, as of press time.
We have hit the pause button on the protocol again in light of suspicious transactions using flash loans and trading on Synthetix.
— bZx (@bzxHQ) February 18, 2020
“We can neutralize this like we did last time,” Kistner added.
Flaws in DeFi platforms?
Founded in 2017, bZx developed a DeFi protocol creating an ecosystem of decentralized applications (DApps), including margin trading and lending platform, wallets, and many more.
2020 Trading Cup Gets Off to a Flying StartGo to article >>
The previous exploitation of “flash lending” was done on its Fulcrum platform and was estimated to have compromised roughly 2 percent of the total assets under management (AUM) of the platform.
As Finance Magnates reported earlier, the attackers exploited flash loans using another well-known DeFi platform – Compound.
The reports of the new attack on the DeFi platform surfaced following the publication of a detailed “Post-Mortem” of the first attack this morning. Kistner also assured that all funds of the platform’s users are safe.
Following the first attack, the platform also decided to integrate Chainlink’s solutions to flag suspicious transactions, and after the second attack, the process has been expedited, Kistner revealed on Telegram.
From what I can tell, it was some type of manipulation of sUSD via kyber. Looks like the eth was sold for sUSD over and over and over then rebought and had a profit after loan (7500 eth) was repaid.
— eric.eth (@econoar) February 18, 2020
“Note that this is not yet a loss, but has the potential to become a loss,” Kistner mentioned about the impact of the first attack. “According to our calculations, the collateral currently residing in our vault is enough to service interest payments at market rates on the loan for hundreds of years if nothing is done. However, there is an element of volatility risk since the collateral is in wBTC, the interest is denominated in ETH, and interest is only converted into ETH every 28 days.”