Defi Protocol Bzx Loses $8.1 Million in Third Hack This Year – News Bitcoin News


So-called decentralized finance (defi) lending platform Bzx on Sunday lost $8.1 million in a new hacking attack, the third this year, caused by flawed code in its smart contracts.

The bug allowed the hacker to mint 219,200 LINK tokens (valued at $2.6 million); 4,503 ETH ($1.65 million); 1,756,351 USDT ($1.76 million); 1,412,048 USDC ($1.4 million) and 667,989 DAI (worth $681,000).

Marc Thalen, lead engineer at, first discovered the vulnerability in the smart contracts and reported it to Bzx, warning $20 million was at risk.

In a statement, Bzx co-founder Kyle Kistner said that the defective code permitted an attacker to duplicate assets or even increase the balance of the protocol’s interest-bearing tokens, called iTokens.

Bzx noticed the security breach some hours later and immediately halted minting and burning of iTokens. Trading resumed after a fix that corrected the balances and duplications.

Kistner detailed that investor funds faced no risk as they were promptly compensated. He said:

“No funds are at risk. Due to a token duplication incident, the protocol insurance fund has transiently accrued a debt. The insurance fund is backstopped by both the token treasury in addition to protocol cash flows.”

Thalen exploited the faulty code himself, generating a loan of 100 USDC. “From this I retrieved iUSDC. I then sent this to myself practically duplicating the funds. I then created a claim for 200 USD,” he tweeted.
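The self-transfer duplication described above is the kind of defect a supply-conservation invariant in a token's test suite catches. The following Python model is an added example, not Bzx's contract code: the stale cached-balance transfer is an assumed pattern chosen to reproduce the described symptom, and `Ledger`, `supply_conserved` and `self_transfer_check` are hypothetical names.

```python
"""Toy token ledger (constructed model; not Bzx's contract code)."""


class Ledger:
    def __init__(self, safe):
        self.safe = safe          # True = hardened transfer, False = flawed one
        self.balances = {}
        self.total_supply = 0

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount

    def transfer(self, sender, recipient, amount):
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        if self.safe:
            # Hardened: each write re-reads current state, so a
            # self-transfer debits and credits the same slot and nets to zero.
            self.balances[sender] -= amount
            self.balances[recipient] = self.balances.get(recipient, 0) + amount
        else:
            # Flawed (assumed pattern): both balances are cached before either
            # write. When sender == recipient, the second write overwrites the
            # debit with the stale cached balance plus the amount.
            from_bal = self.balances[sender]
            to_bal = self.balances.get(recipient, 0)
            self.balances[sender] = from_bal - amount
            self.balances[recipient] = to_bal + amount

    def supply_conserved(self):
        """Invariant: the sum of all balances must equal the minted supply."""
        return sum(self.balances.values()) == self.total_supply


def self_transfer_check(safe):
    """Mint 100 units, self-transfer them, return (balance, invariant_ok)."""
    ledger = Ledger(safe)
    ledger.mint("alice", 100)   # constructed sample account and amount
    ledger.transfer("alice", "alice", 100)
    return ledger.balances["alice"], ledger.supply_conserved()


if __name__ == "__main__":
    for safe in (False, True):
        print("hardened" if safe else "flawed", self_transfer_check(safe))
```

Running the invariant after every state-changing call, including transfers where sender and recipient are the same address, turns this class of accounting error into a failing test before deployment.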

Two audit firms, Peckshield and Certik, failed to pick up the flawed smart contract code. Peckshield responded, saying: “One audit cannot guarantee to find all potential issues, but with continuous work from developers and auditors, we are getting ever closer to the goal of minimizing security risks.”

This is the third time that Bzx has been attacked in 2020. Two separate attacks in February cost the protocol just under $1 million. Founded in 2017, Bzx is a decentralized protocol built on the Ethereum blockchain for lending and trading with margin and leverage.

Jeffrey Gogo

Jeffrey Gogo is an award-winning financial journalist based in Harare, Zimbabwe. A former deputy business editor with the Zimbabwe Herald, the country's biggest daily, Gogo has more than 17 years of wide-ranging experience covering Zimbabwe's financial markets, economy and company news. He first encountered bitcoin in 2014, and began covering cryptocurrency markets in 2017.
