Decentralized Finance is indisputably one of the big hype this year. If you look at the bare figures on the subject of DeFi, you will see above all strong growth in the market capitalization of many DeFi tokens. Parallel to this, an increase in the amount of money locked into DeFi tokens can be seen. These two components are probably the optimal conditions for hackers looking for security holes.
And that is how the bZx hack came about, where attackers exploited a gap in the protocol to steal $8 million in ETH, LINK, and various Stablecoins. What happened?
Read more about the bZx hack and how hackers managed to steal $8 million worth of ETH and LINK with the Born2Invest mobile app. Download our companion app for free and find the most important financial headlines in the world.
bZx Hack: A look at the chronology
The story begins on the morning of September 13th. Users of the protocol and the team behind bZx itself used Twitter to warn DeFi users that something was wrong with the protocol. In the beginning, they said that the inconsistencies of the Ethereum-based project had not led to any losses. In other words: No user money was lost.
However, since the platform had already been confronted with a hacker attack at the beginning of the year, some users were more than skeptical. At the latest when reports circulated that coins such as ETH, LINK or even Stablecoins worth millions of US dollars were being transferred to an external account, some users became aware that the original statement of the project team was not true.
Kyle Kistner, one of the co-founders and developers, signed up for a few hours reporting the following: “Every ERC20 token has a TransferFrom() function. This function is responsible for the transfer of tokens. Hackers were able to use this function to create an iToken and transfer it to themselves. They were thus able to artificially increase their account balance.”
In the bZx Hack, the attacker used this “trick” to create thousands of LINK, ETH and Stablecoins over several hours (!). The result: The hacker gained around $8 million.
The error in the protocol was already known
Marc Thalen may be known to some readers. He works as a software engineer and developer at Bitcoin.com. Thalen can be credited with powerful knowledge in the field of cryptocurrency development.
In a four-part tweet series, Thalen now showed that he drew the team’s attention to the errors in the protocol. “Tragically”, nobody was awake at that time. “Last night I found an exploit in BRZX. I noticed that a user was capable of duplicating “i tokens”. There was $20+ million at risk. I informed the team telling them to stop the protocol and explained the exploit to them. At that point none of the founders were up..”
Thalen himself exploited the error to provide proof that the protocol was vulnerable to attack.
Even though none of the bZx users will end up losing anything, the bZx hack shows how high the risks are with many DeFi protocols. It can be complicated and risky, especially for beginners, to rely on Decentralized Finance.
DISCLAIMER: This article was written by a third party contributor and does not reflect the opinion of Born2Invest, its management, staff or its associates. Please review our disclaimer for more information.
This article may include forward-looking statements. These forward-looking statements generally are identified by the words “believe,” “project,” “estimate,” “become,” “plan,” “will,” and similar expressions. These forward-looking statements involve known and unknown risks as well as uncertainties, including those discussed in the following cautionary statements and elsewhere in this article and on this site. Although the Company may believe that its expectations are based on reasonable assumptions, the actual results that the Company may achieve may differ materially from any forward-looking statements, which reflect the opinions of the management of the Company only as of the date hereof. Additionally, please make sure to read these important disclosures.
First published in CRYPTO MONDAY, a third-party contributor translated and adapted the article from the original. In case of discrepancy, the original will prevail.
Although we made reasonable efforts to provide accurate translations, some parts may be incorrect. Born2Invest assumes no responsibility for errors, omissions or ambiguities in the translations provided on this website. Any person or entity relying on translated content does so at their own risk. Born2Invest is not responsible for losses caused by such reliance on the accuracy or reliability of translated information. If you wish to report an error or inaccuracy in the translation, we encourage you to contact us.
What Is the Role of Fintech Companies in the Payments Ecosystem
The CEO of BIT2ME referred to the future of fintech as "good". However, he stated, "We live in a society...
UN Report Calls on Member States to Stop Criminalizing Drug Users
The report shows that a growing number of countries in all regions are adopting policies and practices that decriminalize drug...
Markets Heated Up This Past Week as Guidance from the Fed Was Bearish
The Fed left rates unchanged at this past week's meeting as expected but the guidance was hawkish. Markets didn't like...
Current Woes in Bonds Promise Future Grief for Stocks: Focus on Dow Jones
If you’re bullish, maybe you should lower your expectations of what the stock market can do for you in the...
The TopRanked.io Weekly Digest: What’s Hot in Affiliate Marketing [uMobix Affiliate Program Review]
This week, we're covering everything from hustle culture to spying on kids, making this affiliate digest look like it has...
Business1 week ago
The TopRanked.io Weekly Digest: What’s Hot in Affiliate Marketing [CamSoda Affiliates Review]
Biotech2 weeks ago
Werfen Launches We Venture Capital to Invest in Diagnostic Companies
Crowdfunding5 days ago
Mamacrowd Launches Five Campaigns with November 10th Deadline
Impact Investing2 weeks ago
Why Sustainable Funds Are a Difficult Challenge