Decentralized finance protocol bZx suffered a major hack on September 13, 2020, with the hackers carting away $8 million worth of tokens. This latest hack comes after an initial double hack attack in February which led to losses of about $1 million.
Hackers Duplicated Tokens
The hackers took advantage of a flaw within the code of bZx and began to duplicate tokens on the DeFi platform. bZx developers noticed unusual movements in the Total Locked Value (TVL) which had dropped within a short period of time.
This led to suspicions that a breach had occurred on its protocol. The developers quickly informed users on Twitter and confirmed that a duplication incident had occurred with a couple of its iTokens.
The hackers duplicated the tokens to correspond with a 1:1 ratio to the existing assets deposited on the bZx protocol. Following the hack, bZx suspended loan and withdrawal operations, however, the hackers had managed to duplicate $8.1 million worth of tokens.
BZx further clarified in a subsequent tweet that the tokens duplicated had been removed from the protocol’s insurance funds and no users funds had been tampered with.
The total tokens that were duplicated include:
4,503 ETH ($1,637,000)
219,000 LINK ($2,628,000)
bZx Targeted by Hackers Despite External Audits of Protocol Codes
This latest hack attack on bZx is a major blow for the DeFi platform. Following the initial hack attacks in February, the DeFi platform had submitted its protocol codes for rigorous auditing.
These audits were performed by Certik and Peckshield and lasted for about 7 weeks and 12 weeks, respectively, with the main purpose of preventing further breaches. The latest hack suggests that there may be deeper flaws on the bZx protocol than initially thought with the bZx team suggesting that this latest flaw was due to the size of its code.
Despite assurances from the bZx team that everything is back to normal, the response from the crypto community suggests that the confidence in the DeFi protocol is at an all-time low.