Decentralized Finance is indisputably one of the big hype this year. If you look at the bare figures on the subject of DeFi, you will see above all strong growth in the market capitalization of many DeFi tokens. Parallel to this, an increase in the amount of money locked into DeFi tokens can be seen. These two components are probably the optimal conditions for hackers looking for security holes.
And that is how the bZx hack came about, where attackers exploited a gap in the protocol to steal $8 million in ETH, LINK, and various Stablecoins. What happened?
Read more about the bZx hack and how hackers managed to steal $8 million worth of ETH and LINK with the Born2Invest mobile app. Download our companion app for free and find the most important financial headlines in the world.
bZx Hack: A look at the chronology
The story begins on the morning of September 13th. Users of the protocol and the team behind bZx itself used Twitter to warn DeFi users that something was wrong with the protocol. In the beginning, they said that the inconsistencies of the Ethereum-based project had not led to any losses. In other words: No user money was lost.
However, since the platform had already been confronted with a hacker attack at the beginning of the year, some users were more than skeptical. At the latest when reports circulated that coins such as ETH, LINK or even Stablecoins worth millions of US dollars were being transferred to an external account, some users became aware that the original statement of the project team was not true.
Kyle Kistner, one of the co-founders and developers, signed up for a few hours reporting the following: “Every ERC20 token has a TransferFrom() function. This function is responsible for the transfer of tokens. Hackers were able to use this function to create an iToken and transfer it to themselves. They were thus able to artificially increase their account balance.”
In the bZx Hack, the attacker used this “trick” to create thousands of LINK, ETH and Stablecoins over several hours (!). The result: The hacker gained around $8 million.
The error in the protocol was already known
Marc Thalen may be known to some readers. He works as a software engineer and developer at Bitcoin.com. Thalen can be credited with powerful knowledge in the field of cryptocurrency development.
In a four-part tweet series, Thalen now showed that he drew the team’s attention to the errors in the protocol. “Tragically”, nobody was awake at that time. “Last night I found an exploit in BRZX. I noticed that a user was capable of duplicating “i tokens”. There was $20+ million at risk. I informed the team telling them to stop the protocol and explained the exploit to them. At that point none of the founders were up..”
Thalen himself exploited the error to provide proof that the protocol was vulnerable to attack.
Even though none of the bZx users will end up losing anything, the bZx hack shows how high the risks are with many DeFi protocols. It can be complicated and risky, especially for beginners, to rely on Decentralized Finance.
DISCLAIMER: This article was written by a third party contributor and does not reflect the opinion of Born2Invest, its management, staff or its associates. Please review our disclaimer for more information.
This article may include forward-looking statements. These forward-looking statements generally are identified by the words “believe,” “project,” “estimate,” “become,” “plan,” “will,” and similar expressions. These forward-looking statements involve known and unknown risks as well as uncertainties, including those discussed in the following cautionary statements and elsewhere in this article and on this site. Although the Company may believe that its expectations are based on reasonable assumptions, the actual results that the Company may achieve may differ materially from any forward-looking statements, which reflect the opinions of the management of the Company only as of the date hereof. Additionally, please make sure to read these important disclosures.
First published in CRYPTO MONDAY, a third-party contributor translated and adapted the article from the original. In case of discrepancy, the original will prevail.
Although we made reasonable efforts to provide accurate translations, some parts may be incorrect. Born2Invest assumes no responsibility for errors, omissions or ambiguities in the translations provided on this website. Any person or entity relying on translated content does so at their own risk. Born2Invest is not responsible for losses caused by such reliance on the accuracy or reliability of translated information. If you wish to report an error or inaccuracy in the translation, we encourage you to contact us.
Not all software IPOs are created equal
It's never a good idea to pour money into a company just because it's a tech company. Not every company...
How are sustainable labels awarded and what they stand for
There is no shared definition of the concept of "sustainable finance", which leaves a wide margin of interpretation when it...
B2B only: Spotcap sells credit business to Ferratum
The Spotcap-Ferratum deal is further proof that the German fintech industry is being shaken up in the corona crisis, at...
Domestic demand versus export demand: which is better?
Palm Oil closed lower on ideas of decreasing production and private reports of weaker demand. It is seasonally a time...
What is happening with the American Capitalism
Unsurprisingly, Wall Street is once again clamoring for another shot of heroin because all those trillions of dollars that were...
Featured6 days ago
Which fintech company raised the most funds in Q3 2020?
Crypto7 days ago
Ripple’s CTO sells 40,000 Ethereum for $1 per token
Africa4 days ago
Fruitbox Africa: Frankfurt investor and Siemens to create jobs in Ethiopia
Business7 days ago
How to grow your small business through Amazon advertising