Over $630,000 worth of ether has been stolen recently from Ethereum, by exploiting project bZx. This is the second attack in less than a week. Nevertheless, the bulls are eager to attack the $300 resistance level for ETHUSD. Ethereum is experiencing an amazing rally in the recent weeks that drove the price from $116 to way above $280. However, the fraud may undermine the trust in the ETH ecosystem.
Screenshot source: PrimeBit Webtrader
Project bZx is a type of lending that occurs through blockchains, currently most popularly on Ethereum. The protocol is decentralized, and there are no fees associated with this type of loan, except for 10% fees that go towards the maintenance of insurance funds.
Project bZx announced via Twitter that they were going to suspend trading on the project until things had been sorted out. They have also stated that the company intends to cover the loss entirely so that it is not passed on to users.
On February 15, project bZx was also exploited, and in this case, the equivalent of $350,000 was taken. This is equal to approximately 2% of the entire project’s assets. DeFi also made an announcement about this on Twitter, stating that trading was paused while they worked to understand what was going on. They also stressed here that users would experience zero losses.
These attacks are caused by the perpetrators taking out massive flash loans. In the DeFi system, users can take out loans that are up to 75% the value of their collateral. This ensures that they can pay them back and that they are incentivized to do so. When it comes to flash loans, traders can take out a loan on behalf of someone else, but they don’t need to post any collateral.
Exploiters managed to take the money in a process that lasted just over a minute. They managed to take out a flash loan of 7,500 ETH, which they then used part of (3,500 ETH) to purchase an amount of sUSD. This could then be used as collateral for taking out a loan through bZx.
You can trade ETHUSD with up to 200x leverage on PrimeBit.com
With some of the remaining ETH, they artificially raised the value of sUSD until it hit $2. Now that their collateral was inflated, they took out a second ETH loan (valued at approximately 6,800), which was used to pay back their initial investment. They then pocketed the rest of the ETH, which was about 2,378 ETH, equating to roughly $630,000.
Flash loans have been used successfully on several other DeFi projects and worked well for them, and this is the first time it has resulted in exploitation. It should also be noted that the instruments that facilitated flash loans for project bZx were only added on Monday. Staff at DeFi are adamant that their tools are not faulty. They worked as they were supposed to, and this attack could have quickly been done using other devices as well.
As a result of the attacks, DeFi is looking to speed up their plans to integrate Chainlink, to be used as another security measure. Project bZx will remain offline until this has been added, and customers will receive limited access to the site at first, specifically only lending, unlending, and closing loans. The remainder of the site will go live when DeFi is confident that it is once again secure. On their website, it also states that the community will have a higher power to decide the future of the project, determining how best to use it.
This article was submitted by PrimeBit.
