Decentralized lending protocol bZx was hacked again; $350k USD stolen

In addition to having to deal with their limited use and the distrust of conventional financial institutions, enthusiasts of the decentralized economy also face cybercrime. According to cybersecurity specialists, the decentralized lending protocol bZx was hacked twice in a matter of days, incidents that resulted in the loss of more than $900k USD.

The administrators’ report mentions that the protocol was attacked on February 14, while the security team was at an ETHDenver event. The second attack was recorded during the early hours of this Tuesday, February 18.

Cybersecurity specialists say threat actors employed various decentralized finance protocols to conduct unauthorized transactions involving Bitcoin and Ethereum. To begin with, the attackers borrowed 10,000 Ethereum units from the dYdX loan protocol. Of those 10,000 ETH, 5,500 (about $1.4M USD) were used as collateral to obtain a loan of 112 Bitcoin (more than $1M USD) from the decentralized Compound protocol. This fraud scheme represented a loss of more than $300k USD. The operators of this protocol mentioned that the flaw exploited by the threat actors has already been corrected.

Cybersecurity specialists are still unclear about how the second incident was carried out, although a potential cause is an oracle manipulation attack. Oracles are centralized components that provide external data to blockchain applications.

The only thing traders have been able to confirm is that the second attack resulted in losses of about $640k USD, although they have mentioned that it is possible to neutralize the security flaw and prevent asset loss. Finally, the operators claim that bZx will switch to the use of oracles based on the supposedly safer Chainlink protocol.

According to the International Institute of Cyber Security (IICS), the inability to track most cryptocurrency transactions is a double-edged sword because, while this feature protects users’ privacy, it can also be exploited by hackers who steal digital assets without the possibility of recovering them.
