Lending protocol bZx appeared another bug that the losses high as over $ 8M in user deposit
The development path of the DeFi bZx lending protocol doesn’t seem to be very favorable this year. Seven months after being hit by two significant hacks that cost the protocol more than $ 954,000, bZx made a stir when another bug emerged. This time, the network error caused the loss of more than $ 8 million or 30% of the total value of the bZX token to be locked.
bZx hacked again as duplication bug costs protocol $ 8 million in user deposits
In fact, the sharp drop in TVL was the first thing that caught the attention of bZx developers:
“We confirm that a duplicate issue has occurred with some iTokens.”
While the network activity was quickly suspended and the iToken contract code was patched, hackers can still exploit this bug to get the money mentioned above. bZx soon updated its network patches, claiming the duplicate bug was fixed as quickly as it was checked by Peckshield and Certik – two very well-known security companies.
> No funds are currently at risk. <
Those funds outlined have been debited against our insurance fund. Nobody currently using the protocol is in danger.
— bZx (@bZxHQ) September 13, 2020
Interestingly, according to Marc Thelan, Chief Engineer at Bitcoin.com, the bZx team may have been slow to address the issue at hand.
“Last night, I found an exploit in BRZX. I noticed a user capable of copying” iTokens “. Had more than $ 20 million in damage. I informed the team, asking them to stop the protocol and clarify these errors. At this point, none of the founders have spoken … ”
1/4 Last night I found an exploit in BRZX. I noticed that a user were capable of duplicating “i tokens”. There was 20+ million $ at risk. I informed the team telling them to stop the protocol and explained the exploit to them. At this point none of the founders were up.. pic.twitter.com/MdJqOH2IPu
— Marc Thalen (@MarcThalen) September 14, 2020
This incident once again raises the question of how to certain user assets are over DeFi protocols. However, despite that, many people quickly stood up for bZx.
Aave Protocol Founder Stani Kulechov said:
“@bZxHQ incident recently showed that it’s easier forked than done. They had multiple audits, formal verification and took substantial time before coming back to main-net, and yet all the diligence does not guarantee safety. Something that every DeFi user should understand.”
- Crypto Investors Should Be Extra Careful With DeFi Tokens Since Most Of Them Are Scams
- Eterbase Tracked The Hacked Funds And Discovered They Were Sent To Binance, Huobi, And HitBTC, CZ Already On It