Pages:
Author

Topic: DeFi protocol bZx attacked once again, lost $8 million (Read 284 times)

sr. member
Activity: 868
Merit: 253
This topic is actual again. Three days ago the BZX DeFi protocol has been hacked. The developers of the BZX Defi-lending protocol stated that they had compromised the private key of the project deployment management in the Polygon and Binance Smart Chain (BSC) networks.The audit company SlowMist noticed that 7 wallets have assets worth $ 55 million, which are controlled by hackers.The team added that bZx smart contracts were not compromised.Last year bZx was hacked three times, which led to losses of $ 10 million, the team managed to return $ 8 million.
legendary
Activity: 1974
Merit: 4715
https://twitter.com/bZxHQ/status/1456603269355094021
"An hour ago it appears that the private key controlling the Polygon and BSC deployments was compromised, leading to loss of funds. The Ethereum deployment is under DAO control and not impacted. We will provide further updates soon."

approval checker
https://etherscan.io/tokenapprovalchecker
https://bscscan.com/tokenapprovalchecker
https://polygonscan.com/tokenapprovalchecker

https://twitter.com/SlowMist_Team/status/1456633190546763779
hero member
Activity: 2884
Merit: 794
I am terrible at Fantasy Football!!!
A project was built too quickly and did not meet security standards but was still confirmed by 2 audit organizations.
They were attacked three times, previous times with the amount of about 1 million dollars, this time even bigger than that.
A large amount of ICO fundraising is worse than anonymous projects like sushi or spontaneous projects like YFI.
I did not knew their source code was audited and that they received clearance which makes all of this even worse on my eyes after all if those that have the duty to find flaws in the code cannot do it then this mean they are incompetent and we should not trust their judgement because it is even possible they were bribed by the developers to give their OK and to make it seem that everything was OK when it is clear it is not due to the number of successful attacks against this project.
member
Activity: 938
Merit: 13
AMEPAY
This is the failure of not only bzx but also the people who audited it. For most part the project developers are the ones that are mainly responsible. The right thing to do now is to find the bug and fix the responsibility so that nothing like this happens in the future. I hope investor funds will be safe.
legendary
Activity: 2114
Merit: 1150
https://bitcoincleanup.com/
Yup. These codes are made by humans, audited by humans, and we all know humans make mistakes.
It's not a reason from "AUDIT Platform" for any kind of business and their service.

They have a service to audit the source code and become the third resource from "non-tech" who doesn't know about programmer and code think and make them secure with the code platform was really safe. Because we have two audit platform who audit the code not only one, and try to accepting the mistake audit because they are human when we have 2 audit platform who make the audit of source code.

If one maybe can accept it, but if more than one still a big question for audit service on how they audit the code.
It shouldn't be use as an excuse, true. My point was to never completely trust the codes and the third party who audits them because it's still prone to human error. It could have been reviewed by three or more and there's still that possibility to miss some codes that can be exploited by hackers.
sr. member
Activity: 1498
Merit: 326
20BET - Premium Casino & Sportsbook
Well looks like the attackers will not enjoy the money they stole after they were exposed. Unlucky they fail to withdraw funds in clean manner, these hackers probably only knew how to get in but don’t know how to get out.
There is a reason why they are called hackers. Its imposisble that they cant monetize those money they stolen. There are lots of way on how those people will be seen doing transferring. Bzrx is good platform but with this event occured, Im sure some would panic that their asset werent safe anymore.
hero member
Activity: 2604
Merit: 816
🐺Spinarium.com🐺 - iGaming casino
I saw the price of it felt down around 32% yesterday but today seems to be recovering a bit as they tweeted on tweeter that the fond is safe, but its the second time such a thing happen to it ? do they even know how to protect investor's money?!
I guess the down is that that news makes people or investors think that the project can not survive. But if the price can recover and the fond is safe, I think people will put back their trust to that project, but I wonder if people will give a big trust as before because they already saw a problem for that project.
We can hope that the project can protect the investor's money before the other problem happens, so they can at least prepare the project and solve the problem if it's come again.
hero member
Activity: 2478
Merit: 695
SecureShift.io | Crypto-Exchange
What else is new, except the amount stolen is consider reasonable compare to other Defi heist  Grin
Mayb now they will find a way to strengthen their code or whatever is the loophole, because it is always the case, after theft is the solution  Undecided we know their strategy too well not to be surprise by this type of inside job news
Okey next news please.........
sr. member
Activity: 1316
Merit: 254
Sugars.zone | DatingFi - Earn for Posting
I saw the price of it felt down around 32% yesterday but today seems to be recovering a bit as they tweeted on tweeter that the fond is safe, but its the second time such a thing happen to it ? do they even know how to protect investor's money?!
full member
Activity: 826
Merit: 105
A project was built too quickly and did not meet security standards but was still confirmed by 2 audit organizations.
They were attacked three times, previous times with the amount of about 1 million dollars, this time even bigger than that.
A large amount of ICO fundraising is worse than anonymous projects like sushi or spontaneous projects like YFI.
full member
Activity: 1470
Merit: 148
Though the funds  be restored by hackers after they where exposed through the on-chain analytics. That's good to know they have recovered their loose and the problem Solved. My question is: what are the rush for? Don't they always verify or audit their smart contracts? Maybe we should slow it down to avoid this reoccurrence. To be sincere the token is doing very well in the market right now, good products will always attract good investors.
member
Activity: 210
Merit: 10
Sovryn - Brings DeFi to Bitcoin
I will once again suggest to the community and friends here that are crazy about defi projects and literally are chasing each and every project even without any research, to be careful there is high chance you will lose all your money if you keep chasing these peojects blindly, just calm down and only select the best project to invest not any project which uses defi and promise returns.
hero member
Activity: 1361
Merit: 506
Didn´t they promise that they will audit their smart-contract? Maybe they again tried to develop everything quickly to earn as much as possible, but this is the result that DeFi projects need to be developed for a few months to prove bugs and vulnerable places. That's why I only trust MakerDAO and Compound Smiley.
legendary
Activity: 2744
Merit: 1288
Decentralized finance (DeFi) lending protocol bZx was attacked once again last night and lost a little over $8 million due to a faulty code in its smart contracts.

What if the whole Decentralized finance (DeFi) lending protocol bZx is a faulty code in a smart contract? You need to zoom out to see the forest. If you zoom in and see each tree you cant see the forest.
hero member
Activity: 2800
Merit: 595
https://www.betcoin.ag


Audited twice and yet there are incidents like this still. You shouldn't be promoting this auditing team again. Maybe you need to look at the background of the audit company or just the bZx team itself that for being around of more than 2 years, they still get to be hacked over and over. $8 million is a lot. The hacker must enjoy, you earned!
jr. member
Activity: 342
Merit: 3
I heard about this news and it was really a bad negative news for the project. This caused a instant price dump also. But as per the latest new I know the attackers got exposed by using on-chain analytics. As soon they tracked down they returned the money. And now this news helped BZRX to recover it's price to some extent. 
hero member
Activity: 2884
Merit: 794
I am terrible at Fantasy Football!!!
Seems this is the third attack on the company/platform.

I guess this means the huge amount won't be recovered? Well, I think there should be ways to recover or freeze funds once they have gotten to the wrong hands.
The articles I read concerning the hack, claim someone discovered the vulnerability but couldn't get the team fix it quickly. Doesn't sound decentralized to me if things can take this long to detect and fix.
Ethereum DeFi really remains a very risky ecosystem to invest in due mainly to its lack of distinctions between decentralized, centralized, safe and unsafe platforms on the system. It's currently an unorganized system of confusion, disorder, deception, in my opinion.
It is clear that any new improvement in this market will have some growing pains, however this is inexcusable, they knew about the bug and they were simply too slow to fix it and yet the hacker was able to find the bug and exploit it faster than the developers could fix it, what this tell us? That the hacker in question was more skilled than the developers and that should be worrying in a market in which the smallest mistake can cost you and your investors millions of dollars.
hero member
Activity: 2128
Merit: 530
PredX - AI-Powered Prediction Market
Although I am not happy this happen, but we need this periodic reality check to make sure that all there DEFI products are hack proof, just imagine that the white hacker that first discover the bug in the platform exploit these and cart away $20 million what are we going to be saying now, this could have crash the DEFI market by now. Any DEFI platform need to be audited and hack proof because these are people's fund
legendary
Activity: 2688
Merit: 1262
Yup. These codes are made by humans, audited by humans, and we all know humans make mistakes.
It's not a reason from "AUDIT Platform" for any kind of business and their service.

They have a service to audit the source code and become the third resource from "non-tech" who doesn't know about programmer and code think and make them secure with the code platform was really safe. Because we have two audit platform who audit the code not only one, and try to accepting the mistake audit because they are human when we have 2 audit platform who make the audit of source code.

If one maybe can accept it, but if more than one still a big question for audit service on how they audit the code.
legendary
Activity: 2030
Merit: 1189
Lmao, imaging hacking $8 million, and then giving it back because you forgot to anonymize yourself.

He's probably still going to get stung with a court case now, what an absolute idiot.

Still, it's great to see thieves getting caught. It's far too rare when it comes to cryptocurrencies unfortunately—the thief almost always gets away with it because they exchange to Monero or use a mixer etc.

Hopefully they don't let him off with it. They need to set a precedent here IMO.
Pages:
Jump to: