
Topic: DeFi protocol bZx attacked once again, lost $8 million - page 2. (Read 273 times)

legendary
Activity: 2114
Merit: 1150
UPDATE from bZX:

Yes, smart contracts are in defi - like a sieve, everything is in bugs and vulnerabilities. bZx had 2 audits, so what? Nothing helped, money is still lost.  Angry
Yup. These codes are made by humans, audited by humans, and we all know humans make mistakes.

"Code is Law" is not true at all.

I do not know what is the rush? I mean everyone seems to be in a hurry to launch their defi platforms without even testing and without any kind of security audits whatsoever which is now evident to cause loss of millions, the industry needs to show maturity and professionalism to thrive forward otherwise it can hurt itself.
This is not the same as the new DeFi projects coming out recently. bZx has been around since 2018 and its code had been audited too. Unfortunately, the hacker still managed to exploit something that the code auditors failed to see. What's more disappointing is that this is the third attack this year alone.
sr. member
Activity: 1540
Merit: 420
DeFi Lender bZx Reclaims $8M Stolen in Sunday’s Attack

Well, looks like the attackers will not enjoy the money they stole after they were exposed. Unluckily, they failed to withdraw the funds in a clean manner; these hackers probably only knew how to get in but didn't know how to get out.
legendary
Activity: 2660
Merit: 1261
I do not know what is the rush? I mean everyone seems to be in a hurry to launch their defi platforms without even testing and without any kind of security audits whatsoever which is now evident to cause loss of millions, the industry needs to show maturity and professionalism to thrive forward otherwise it can hurt itself.
If you read the content and response post from @Ratimov at the top.

The source code has been audited by 2 platforms, PeckShield and CertiK; anyway, the funny thing about these cases: the audit cannot give a result on whether the source code is "SAFE" or "NOT" even when they are auditing it. The case reminds me of some scam project where the team changed the total supply in the source code. Will this case be an INSIDE JOB? Only time can answer that.
member
Activity: 1008
Merit: 12
I do not know what is the rush? I mean everyone seems to be in a hurry to launch their defi platforms without even testing and without any kind of security audits whatsoever which is now evident to cause loss of millions, the industry needs to show maturity and professionalism to thrive forward otherwise it can hurt itself.
Ucy
sr. member
Activity: 2674
Merit: 403
Seems this is the third attack on the company/platform.

I guess this means the huge amount won't be recovered? Well, I think there should be ways to recover or freeze funds once they have gotten into the wrong hands.
The articles I read concerning the hack claim someone discovered the vulnerability but couldn't get the team to fix it quickly. Doesn't sound decentralized to me if things can take this long to detect and fix.
Ethereum DeFi really remains a very risky ecosystem to invest in due mainly to its lack of distinctions between decentralized, centralized, safe and unsafe platforms on the system. It's currently an unorganized system of confusion, disorder, deception, in my opinion.
member
Activity: 294
Merit: 10
If that is true, it will mean that defi needs better infrastructure than what is available now to move forward, because the community supports defi because of no third-party intervention and decentralization, but all this needs foolproof, or rather bulletproof, security, which I hope will be developed in the coming months.
hero member
Activity: 1708
Merit: 651
Decentralized finance (DeFi) lending protocol bZx was attacked once again last night and lost a little over $8 million due to a faulty code in its smart contracts.

The flawed code allowed an attacker to duplicate assets, or increase their balance of iTokens (interest-bearing tokens of bZx). Hours after noticing the bug, bZx paused minting and burning of iTokens and then unpaused it after a fix that corrected balances for duplications.

The bug allowed the hacker to mint 219,200 LINK tokens (worth about $2.6 million); 4,503 ETH (~$1.6 million); 1,756,351 USDT (~$1.7 million); 1,412,048 USDC (~$1.4 million) and 667,989 DAI (~$680,000). That is $8.1 million in total. bZx said no user funds are at risk as the loss is being covered by its insurance fund.

Marc Thalen, a lead engineer at Bitcoin.com, claims to have initially identified the bug. He said more than $20 million of bZx funds were at risk. Thalen himself tried the exploit out and created a loan using USDC (100 USD). "From this I retrieved iUSDC. I then sent this to myself practically duplicating the funds. I then created a claim for 200 USD," said Thalen.

https://www.theblockcrypto.com/post/77656/defi-protocol-bzx-attacked-lost-8-million-faulty-code
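The self-transfer duplication described in the post above, as an added example that is not part of the thread and not bZx's contract code. The page does not show the faulty code, so the stale-balance transfer below is an assumed, simplified model of how sending tokens to yourself can double a balance; all class and function names are hypothetical.

```python
# Simplified token ledger, constructed for illustration (assumption: the
# duplication comes from reading both balances before writing either).

class VulnerableLedger:
    def __init__(self):
        self.balances = {}
        self.total_supply = 0

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount

    def transfer(self, sender, recipient, amount):
        # Both balances are cached up front.
        from_balance = self.balances.get(sender, 0)
        to_balance = self.balances.get(recipient, 0)
        if amount > from_balance:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_balance - amount
        # If sender == recipient, this write uses the stale cached value and
        # overwrites the debit, so the balance grows by `amount`.
        self.balances[recipient] = to_balance + amount


class FixedLedger(VulnerableLedger):
    def transfer(self, sender, recipient, amount):
        if amount > self.balances.get(sender, 0):
            raise ValueError("insufficient balance")
        # Debit first, then re-read the recipient balance before crediting.
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def supply_invariant_holds(ledger):
    """Defensive check: the sum of all balances must equal total supply."""
    return sum(ledger.balances.values()) == ledger.total_supply


def self_transfer_result(ledger_cls, deposit=100):
    """Mint `deposit` to one account, self-transfer it, report the outcome."""
    ledger = ledger_cls()
    ledger.mint("alice", deposit)
    ledger.transfer("alice", "alice", deposit)
    return ledger.balances["alice"], supply_invariant_holds(ledger)
```

A test asserting the supply invariant after a self-transfer is the kind of check that surfaces this class of bug before deployment.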