Decentralized financial lending (DeFi) bZx has just been hacked again.
An estimated 2,388 Ether (ETH) - worth about 645,000 USD, was stolen. "This attack seems to be an oracle manipulation attack," said Kyle Kistner, co-founder of bZx, in the company's official Telegram channel.
Market observers are referring to this deal is suspicious for the latest attack.
"We can disable this like we did last time," Kistner said.
Just yesterday, bZx was announced a result of their first attack, which revealed that 1,193 ETH - currently worth about 298,000 USD, disappeared.
Prior to the latest suspicious transactions, bZx decided to pause its protocol. This transaction is supposed to occur using loans and flash transactions on Synthetix. "It doesn't affect the Synthetix system even though it is related to sUSD," bZx has tweet today.
Mechanism of attack?
This is clearly the mechanism of the attack, as is explain by Larry Cermak - research director of The Block:
A hacker captured a flash loan of 7,500 ETH, bought 3,518 ETH worth sUSD for nearly 1 USD and then deposited it into bZx as collateral. So, they used 900 ETH to buy sUSD on Kyber and Uniswap, and from there manipulating the price of sUSD to more than 2 USD. This allows the attacker to receive a larger loan than expected because the collateral seems larger. With this collateral, the hacker then borrowed an additional 6,796 ETH on bZx and used it (as well as the remaining ETH balance) to repay the initial flash loan. In the end, this guy earned 2,388 ETH in profit (nearly $ 645,000) - the ETH bZx pool lost about $ 1.8 million while the sUSD pool earned $ 1.1 million.
Robert Leshner, founder of lending DeFi Compound, told The Block: “Security is the ultimate priority for a financial product. The bZx team has repeatedly demonstrated that it does not have the ability to protect users' money and must stop working immediately until the platform can be thoroughly and thoroughly tested. ”
Maybe you are interested:
Join our channel to stay up to date on the most useful news and knowledge at:
According to The Block
Translated by ToiYeuBitcoin