
    Inside This Weekend’s DeFi Attack: How a Bad Actor Launched a Money Lego Assault

    Analysts have been expecting a DeFi attack, and over the weekend crypto stakeholders got their first glimpse at what such attacks will look like in the wild.
    By William M. Peaster, February 18, 2020

    Update 2/17/2020 @ 7:20PM: The bZx team has published its post-mortem report, read it here. 


    The rise of the Ethereum decentralized finance sector, or DeFi, has been one of the biggest stories in the cryptoeconomy for the last two years.

    DeFi’s power lies in its underlying composability — the ease with which disparate “money lego” projects can link their capabilities together — and in its permissionless structure — the ability to conduct activities without a third party being in the middle to approve or disapprove of them.

    As it stands, this model can be extremely liberating for folks across the world, though it can also be abused by bad actors, as with any system. With that said, many analysts have been expecting a DeFi attack, and over the weekend crypto stakeholders got their first glimpse at what such attacks will look like in the wild.

    Not a Hack, But an Attack


    bZx is a lending and margin trading protocol on Ethereum, and Fulcrum is a front-end project built atop it that offers bZx services. What was just used to attack these projects and others was not a bug, but rather a sophisticated arbitrage-like opportunity.

    Here’s what seems to have happened: an attacker or group of attackers used an Aave flash loan — which can be opened and closed within a single transaction — to borrow 10,000 ether (ETH) from the dYdX protocol. That small trove was then used to launch a DeFi attack.

    The antagonist put half of those funds into the Compound lending dApp, with which they borrowed 112 WBTC — a tokenized, ERC20 version of bitcoin. In a separate stroke, the attacker went to the bZx protocol and shorted WBTC on margin. To make the price dump, the agent sold borrowed WBTC on Uniswap, which caused the token’s price to acutely tank, thus satisfying the bZx short. The attacker then paid back the Aave loan and apparently profited by some $350,000 USD.

    All of that occurred within a single transaction with no original collateral needed. It was both an ingenious and nefarious move, and it’ll lead to some soul searching in the DeFi community going forward.
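
The price impact described above, as an added example (not code from the article, bZx or Uniswap): a constant-product pool with a 0.3% swap fee, showing how one 112 WBTC sale moves the spot price in a thin pool versus a deep one, plus a deviation check a protocol could run before trusting that price. The reserve sizes, the 5% tolerance and all function names are constructed assumptions.

```python
from dataclasses import dataclass

FEE = 0.003  # 0.3% swap fee charged by the pool


@dataclass
class Pool:
    """Constant-product pool (wbtc * eth = k); reserves are constructed."""
    wbtc: float
    eth: float

    def spot_price(self) -> float:
        """ETH per WBTC implied by the current reserves."""
        return self.eth / self.wbtc

    def sell_wbtc(self, amount: float) -> float:
        """Sell WBTC into the pool and return the ETH paid out."""
        net = amount * (1 - FEE)                # fee stays in the pool
        eth_out = self.eth * net / (self.wbtc + net)
        self.wbtc += amount
        self.eth -= eth_out
        return eth_out


def deviates(spot: float, reference: float, tolerance: float = 0.05) -> bool:
    """Hypothetical guard: has spot moved more than `tolerance` from reference?"""
    return abs(spot - reference) / reference > tolerance


def simulate(wbtc_reserve: float, eth_reserve: float, sale: float) -> dict:
    """Sell `sale` WBTC in one trade and report the resulting price move."""
    pool = Pool(wbtc_reserve, eth_reserve)
    reference = pool.spot_price()               # price before the trade
    eth_out = pool.sell_wbtc(sale)
    after = pool.spot_price()
    return {
        "before": reference,
        "after": after,
        "eth_out": eth_out,
        "drop": 1 - after / reference,
        "flagged": deviates(after, reference),
    }


if __name__ == "__main__":
    # Constructed reserves at the same starting price (37.5 ETH per WBTC).
    for name, reserves in {"thin": (80, 3_000), "deep": (8_000, 300_000)}.items():
        r = simulate(*reserves, sale=112)
        print(f"{name}: {r['before']:.2f} -> {r['after']:.2f} ETH/WBTC, "
              f"drop {r['drop']:.1%}, flagged={r['flagged']}")
```

With these constructed reserves the same sale drops the thin pool's price by roughly 83% and the deep pool's by under 3%, so only the thin pool trips the check.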

    What’s Next?

    In the aftermath of the attack, bZx co-founder Kyle Kistner confirmed that users’ funds were ultimately safe, commenting:

    “There was an exploit executed against the contract. There was a portion of ETH lost. We have paused the contract except for lending and unlending. We are still consulting with the relevant security researchers to understand the precise cause of the issue. We will be publishing a more in-depth post-mortem. The remaining funds are safe.”

    In other words, the bZx team has encountered a bad faith broadside, but moves have already been taken — and more will be taken — to prevent a similar attack from happening in the future, as bZx’s leadership explained:

    “We have deployed a contract upgrade that we believe will make our system more robust against these types of actions in the future. The upgrade is currently being processed through our timelock. It will pass through in the next 12 hours. At that time we hope to restart the UI.”

    The Sooner the Better?

    There are some stakeholders that have argued that it’s beneficial that such an attack occurred earlier rather than later in DeFi, when the stakes would be higher. Among this lot was BlockTower Capital’s chief information officer, Ari Paul, who later argued:

    “The bzx/compound/uniswap attack is super cool. The more of this that happens, the sooner the better. We want the bug bounties claimed before defi poses a systemic risk.”

    Indeed, DeFi is not hardened yet, but this latest attack does represent an opportunity for many projects in the ecosystem to toughen up.

    William M. Peaster
    William M. Peaster is a professional writer and editor who specializes in the Ethereum, Dai, and Bitcoin beats in the cryptoeconomy. He's appeared in Blockonomi, Binance Academy, Bitsonline, and more. He enjoys tracking smart contracts, DAOs, dApps, and the Lightning Network. He's learning Solidity, too! Contact him on Telegram at @wmpeaster
