bZx Hack: $8 million in ETH, LINK, and Stablecoins stolen

Decentralized Finance is indisputably one of the big hype this year. If you look at the bare figures on the subject of DeFi, you will see above all strong growth in the market capitalization of many DeFi tokens. Parallel to this, an increase in the amount of money locked into DeFi tokens can be seen. These two components are probably the optimal conditions for hackers looking for security holes.

And that is how the bZx hack came about, where attackers exploited a gap in the protocol to steal $8 million in ETH, LINK, and various Stablecoins. What happened?

Read more about the bZx hack and how hackers managed to steal $8 million worth of ETH and LINK with the Born2Invest mobile app. Download our companion app for free and find the most important financial headlines in the world.

bZx Hack: A look at the chronology

The story begins on the morning of September 13th. Users of the protocol and the team behind bZx itself used Twitter to warn DeFi users that something was wrong with the protocol. In the beginning, they said that the inconsistencies of the Ethereum-based project had not led to any losses. In other words: No user money was lost.

However, since the platform had already been confronted with a hacker attack at the beginning of the year, some users were more than skeptical. At the latest when reports circulated that coins such as ETH, LINK or even Stablecoins worth millions of US dollars were being transferred to an external account, some users became aware that the original statement of the project team was not true.

Kyle Kistner, one of the co-founders and developers, signed up for a few hours reporting the following: “Every ERC20 token has a TransferFrom() function. This function is responsible for the transfer of tokens. Hackers were able to use this function to create an iToken and transfer it to themselves. They were thus able to artificially increase their account balance.”

In the bZx Hack, the attacker used this “trick” to create thousands of LINK, ETH and Stablecoins over several hours (!). The result: The hacker gained around $8 million.

The error in the protocol was already known

Marc Thalen may be known to some readers. He works as a software engineer and developer at Bitcoin.com. Thalen can be credited with powerful knowledge in the field of cryptocurrency development.

In a four-part tweet series, Thalen now showed that he drew the team’s attention to the errors in the protocol. “Tragically”, nobody was awake at that time. “Last night I found an exploit in BRZX. I noticed that a user was capable of duplicating “i tokens”. There was $20+ million at risk. I informed the team telling them to stop the protocol and explained the exploit to them. At that point none of the founders were up..”

Thalen himself exploited the error to provide proof that the protocol was vulnerable to attack.

Even though none of the bZx users will end up losing anything, the bZx hack shows how high the risks are with many DeFi protocols. It can be complicated and risky, especially for beginners, to rely on Decentralized Finance.

__

(Featured image by Tumisu via Pixabay)

DISCLAIMER: This article was written by a third party contributor and does not reflect the opinion of Born2Invest, its management, staff or its associates. Please review our disclaimer for more information.

This article may include forward-looking statements. These forward-looking statements generally are identified by the words “believe,” “project,” “estimate,” “become,” “plan,” “will,” and similar expressions. These forward-looking statements involve known and unknown risks as well as uncertainties, including those discussed in the following cautionary statements and elsewhere in this article and on this site. Although the Company may believe that its expectations are based on reasonable assumptions, the actual results that the Company may achieve may differ materially from any forward-looking statements, which reflect the opinions of the management of the Company only as of the date hereof. Additionally, please make sure to read these important disclosures.

First published in CRYPTO MONDAY, a third-party contributor translated and adapted the article from the original. In case of discrepancy, the original will prevail.

Although we made reasonable efforts to provide accurate translations, some parts may be incorrect. Born2Invest assumes no responsibility for errors, omissions or ambiguities in the translations provided on this website. Any person or entity relying on translated content does so at their own risk. Born2Invest is not responsible for losses caused by such reliance on the accuracy or reliability of translated information. If you wish to report an error or inaccuracy in the translation, we encourage you to contact us.