Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the multisite-clone-duplicator domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114
[www-stage.newsbtc.com/news/1inch-exchange-co-founder-disputes-claims-bzx-attackers-stole-8m-in-defi-exploit/amp/]
[wp-includes/functions.php:6114 trigger_error(), wp-includes/functions.php:6054 wp_trigger_error(), wp-includes/l10n.php:1370 _doing_it_wrong(), wp-includes/l10n.php:1408 _load_textdomain_just_in_time(), wp-includes/l10n.php:194 get_translations_for_domain(), wp-includes/l10n.php:306 translate(), wp-content/plugins/multisite-clone-duplicator/include/lang.php:6 __(), wp-content/plugins/multisite-clone-duplicator/multisite-clone-duplicator.php:32 require_once('wp-content/plugins/multisite-clone-duplicator/include/lang.php'), wp-settings.php:471 include_once('wp-content/plugins/multisite-clone-duplicator/multisite-clone-duplicator.php'), wp-config.php:53 require_once('wp-settings.php'), wp-load.php:50 require_once('wp-config.php'), wp-blog-header.php:13 require_once('wp-load.php'), index.php:17 require('wp-blog-header.php')]

1Inch Exchange Co-Founder Disputes Claims bZx Attackers Stole $8m in DeFi Exploit

1Inch Exchange Co-Founder Disputes Claims bZx Attackers Stole $8m in DeFi Exploit

DeFi lending protocol bZx suffered another attack last night, the second in seven months.

This time, faulty code was blamed for an exploit that allowed hackers to duplicate assets, or increase their iTokens balance without the appropriate collateral.

Reports are circulating that hackers stole cryptocurrencies worth $8 million. But Anton Burkov, Co-founder of 1inch Exchange, analyzed the relevant DeFi explorer, removing duplicate items, as well as bZx “admin drainages”, to conclude those reports are greatly exaggerated.

According to Burkov, the amount lost to the duplication exploit is closer to $1.7 million. Further analysis carried out by Burkov pinpointed the exploit to nine transactions on the iETH lending token, worth approximately 4.7k Ethereum in total.

We found 9 exploiting transactions on $iETH lending token with 101778 $iETH tokens duplicated (worth ~4.7K $ETH) // @DuneAnalytics”

Source: twitter.com

In response to the exploit, bZx issued a statement saying investors are covered by an insurance fund paid for through treasury funds and protocol cashflow.

What’s more, in the statement, bZx spun the incident to demonstrate the soundness of the protocol.

“As we have demonstrated before, the system is capable of absorbing black swan events that would otherwise negatively impact lender assets. Thanks to a protocol design that anticipates and accounts for tail events, this incident is surmountable. The debt will be wiped clean and the protocol will move forward unimpeded.”

However, considering the number of high profile exploits and exits happening in DeFi of late, this latest exploit has done little to legitimize DeFi.

DeFi Hackers Exploit Duplication Bug

A postmortem of what happened shows several failings. Initially, Lead Developer at bitcoin.com, Marc Thalen, raised the alarm by tweeting his discovery of the DeFi duplication exploit.

However, due to time differences, no-one at bZx was able to respond straight away.

In the meantime, Thalen then went on to test the exploit himself. He said that he created a 100 USDC loan from which he was able to claim 200 iUSDC.

2/4 I tried the exploit out. I created a loan using USDC (100 USD). From this I retrieved iUSDC. I then sent this to myself practically duplicating the funds. I then created a claim for 200 USD.

By the time the bZx team was aware of the problem, the attacker had already drained a substantial amount of DeFi assets.

In response, bZx paused the minting and burning of iTokens as they investigated the claims. The team then applied a patch to the iTokens contracts, correcting duplicate balances at the same time.

Following that, normal activity resumed.

What Next For bZx?

The bZx protocol was attacked in February in a flash lending exploit. Attackers were able to steal $350k by manipulating the Uniswap price feed for wrapped Bitcoin.

However, bZx denies the incident came about as a result of using Uniswap price feeds.

https://twitter.com/bZxHQ/status/1228717425387950080

At the time, bZx was ranked as the 7th largest protocol by total value locked (TVL). But following the flash lending exploit, it began slipping down in the DeFi rankings.

Today, defipulse.com ranks bZx as the 37th biggest by TVL, a substantial fall in standing.

Source: defipulse.com

In a bid to reassure DeFi investors, bZx Co-founders Tom Bean and Kyle Joseph Kistner will field questions about the incident later tonight.

https://twitter.com/bZxHQ/status/1305402022892466176

But the real concern is whether today’s exploit will lead to a further drop in standing.

In terms of token price, BZX is down 30% on the day. However, will the duplication exploit lead to further price declines?

BZX daily chart with volume. (Source: tradingview.com)
Exit mobile version