Decentralized finance (DeFi) firm bZx has taken a series of hits from a crypto hacker in the past few days, said Coin Telegraph. The two attacks, which occurred on February 14 and 18, have resulted in a loss of about $954,000.
The first attack occurred while the bZx team was in the ETHDenver industry event. During this strike, the hacker used several DeFi protocols to make transactions using a substantial amount of the cryptocurrencies Ether (ETH) and Wrapped Bitcoin (WBTC).
To conduct the scheme, the malicious party first took a loan of 10,000 ETH ($2,545,200) from dYdX, another DeFi platform. Then, they used 5,500 ETH to fund the loan of 112 wrapped WBTC through yet another DeFi Compound. This kind of activity went on for several transactions.
During the lending and swapping spree, the attacker was able to “manipulate the prices and profit off of a decentralized leveraged trade,” as per Coin Telegraph. An evaluation of the hack revealed that the very first transaction should have been blocked by safety protocols. However, the system did not run because of a flaw in bZx’s smart contract.
Meanwhile, the second hack is yet to be analyzed deeper. However, experts say that it occurred due to a manipulation of an oracle, which is a centralized component. This resulted in the loss of around 2,388 ETH or a whopping $636,000.
Crypto hacks have been rampant in the past years, especially with hackers innovating and updating their techniques. Moreover, crypto transactions are designed to be nonreversible, making it easier for the attackers to get away with the crime.
In a blog post published by bZx on its website, it assured clients that “no users have lost funds or will lose funds.” The protocol has also made significant changes to its system in order to prevent such attacks in the future.
According to the platform, it has now patched the bug in its smart contracts that prevented the security check from initializing. In addition to this, the company will also deploy Chainlink oracles to reinforce its protection check.
Moreover, the firm delisted the ETHBTC margin tokens used by the attacker. In connection with this, the platform will implement a governance structure that will allow clients to vote for the approval or disapproval of keys.
Lastly, it will enforce a maximum trade size, which intends to restrict the scope of potential attacks.