DeFi lending exploitation leads bZx to integrate Chainlink

Written by

Written on Feb 17, 2020

Reading time 3 minutes

Ethereum-based DeFi platform bZx recently reported a major exploit that resulted in $350,000-large loan.
The bZx team stated that there is no actual loss, but the situation is very complex.
The mentioned amount is only a rough estimate, as determining the precise amount is difficult due to complexity, but the team assured users that they will not be affected.

This weekend, numerous services offered by Ethereum network’s seventh-largest DeFi platform — bZx — ended up frozen due to an exploit of the so-called ‘flash lending.’ The exploitation involved $350,000, which is estimated to be around 2% of all the assets that the platform has under management. bZx’s team, however, stated that it is impossible to estimate how much was taken, exactly.

On February 15th, the platform simply announced on Twitter that Fulcrum has been taken down for maintenance, promising to release further details soon.

https://twitter.com/bzxHQ/status/1228555300971655168

In another tweet, they noted that the official report will be delivered today, February 17th, at 5 pm. The delay comes due to the complexity of the transaction, which made an accounting of the losses complicated and time-consuming.

https://twitter.com/bzxHQ/status/1229207510273282048

Another report by TrustNodes stated that bZx will integrate Chainlink in order to diversify its price sources, according to what the team said during earlier consultations. A representative from bZx then confirmed that the integration of ChainLink will indeed, occur.

What actually happened?

Despite the gravity of the exploitation, the team assured users that no lender will be affected by the attack in any way.

https://twitter.com/bzxHQ/status/1228787129381031936

They also pointed out that the platform did not suffer a traditional hacking attack. From the perspective of the protocol itself, someone simply requested a loan, which is, in theory, like any other.

https://twitter.com/bzxHQ/status/1228787125740437504

The issue lies in the fact that the ‘attacker’ borrowed 10,000 ETH ($2.67 million) in a flash loan, which is a code-based lending operation that lets traders borrow and return funds over brief periods. The attacker then sent half of the amount to another DeFi protocol, Compound, while the rest went to bZx. Following the deposits, the attacker shorted WBTC on bZx, and then borrowed 112 WBTC ($1.1m) on Compound. They then sold the amount on UniSwap, a third DeFi market.

While the move was rather complex, the team also stressed that there is no actual loss, and as long as the borrower returns the money with interest, the pool will remain as healthy as it was so far. In other words, there is no reason to panic. Despite this, the price of iETH briefly dropped, only to return to regular height after a while.