Former Google engineer explains how hackers earn $ 350,000 from DeFi bZx platform

Point of 7 notable cryptocurrency exchange hacks in 2019

Korantin Auguste, a former Google software engineer, explained in detail how hackers attacked bZx recently decentralized financial project (DeFi) bZx.

In one blog posts published on Monday on its personal website Palkeo, Auguste said an attacker had borrowed 10,000 ETH (worth $ 2.49 million) from dYdX - a decentralized exchange to trade margin.

He then sent 5,000 ETH to the DeFi Compound lending protocol and borrowed 112 Wrapped Bitcoin (WBTC) - an Ethereum-based ERC-20 token backed 1: 1 by Bitcoin, to carry out the attack.

Next, the attacker sent 1,300 ETH to bZx to open a short 5x position to the WBTC. “This call opens a Fulcrum position, short ETH / WBTC with 5x leverage. This position is above 1,300 ETH (very large), ”Auguste said.

bZx then converted internally 5,637 ETH to 51 WBTC through a Kyber order transferred to Uniswap. The attacker converted 112 WBTC to 6,871 ETH on Uniswap. Later, this guy sent 10,000 ETH back to DyDx.

"The attacker exploited a bug inside bZx - which caused it to trade huge sums of money on Uniswap, with the price tripling," Auguste explained, adding that the attacker had It is possible to sell 112 WBTC for 6871 ETH because "Uniswap supply has been distorted."

This hacker ended up with 71 ETH, but that's not their pure price difference profit, Auguste said. “They ended the transaction with a Compound position of 5,500 ETH collateral and only 112 WBTC loans. This is about $ 350,000 in equity in Compound. ”

To put it more simply, a "logical error" in bzX's coding caused an equity loss of about $ 620,000 for the protocol and about $ 350,000 in profit for the attacker, Auguste said. "That's just a fact of opening their gigantic position that caused the money leak from bZx to Uniswap, which they have mined."

Notably, Auguste said that it was not the fault of Oracle, but a flaw.

He also said that the loss of equity from bZx and the amount the hacker earned did not increase because "counting the attack may not have maximized profits and they made Uniswap completely out of balance after the attack." . Many bots then rushed to profit from it. ”

bZx tweeted yesterday that users will not suffer losses because the platform will compensate them. Project said will be releasing a detailed analysis at 7pm EST today.

Maybe you are interested:

Join our channel to stay up to date on the most useful news and knowledge at:

According to The Block
Translated by ToiYeuBitcoin


seo marketing wordpress seo seo hosting seo and marketing word press seo wordpress and seo wordpress marketing hosting seo seo press pro market seo seo & marketing seo e marketing e marketing seo seo pro wordpress marketing & seo seo di wordpress wordpress seo host hosting and seo wordpress hosting seo wordpress seo wordpress wordpress for marketing seo press wordpress marketing for seo