Flawed code made hacker $8M richer.

Avatar for alberdioni8406
4 years ago

bZx seems to have some bad hacking "karma": a third attack on the lending protocol has made criminals $8M richer. In February, two other attacks let criminals steal more than $925,000 from bZx smart contracts.

The hacker exploited flawed code that let them duplicate their assets, which made it possible to mint:

  • 219,200 LINK tokens (worth $2.6M)

  • 4,503 ETH ($1.6M)

  • 1,756,351 USDT ($1.7M)

  • 1,412,048 USDC ($1.4M)

  • 667,989 DAI ($680,000)

That's a total of $8.1M in losses.

The decentralized lending protocol lost not only funds in the incident but also the trust of users who had locked value in it. After the attack, the total value locked fell sharply from more than $21M to near $6M (check DeFi Pulse), meaning that, besides the attack, users also withdrew about $7M from the protocol.

The DeFi project is doomed and may lose customers who won't tolerate these constant attacks. The bZx team made a statement saying that customers' funds aren't lost and are safe, with the firm compensating the losses through its insurance firm. But no one likes a smart contract with problems, and no audit could solve it right now, because there may be many more bugs that are not detectable right now; to make them more secure, the smart contracts must be evaluated in shutdown mode.

Well, let's see what the team will do to regain the trust of their investors and make them willing to put more assets in the lending protocol... I believe it will be very hard to convince them!


Comments

Cheap ways to earn money. If the hackers have real credibility they should make their own software and run it.

$ 0.00
4 years ago

Thanks for passing by and leaving your comment, I really appreciate it.

$ 0.00
4 years ago

This is one big issue. Some say that your money or the investment that you have is and will always be safe in a company with a smart contract. But what happens when the company makes its investors lose their trust in it? Losing that huge amount of investment from your investors will surely also lose their trust and sight of the future of your company. As of today, hackers have become very intelligent and exploring on the internet. We can't say our money is safe in a digital world because we still don't know what they are still capable of.

$ 0.00
4 years ago

That was bad for bZx, and what they lost most was the trust, like you noted, and that is something that will take time to recover!

$ 0.00
4 years ago

I wonder how they can get up from what they have lost? Can they still stand up in front of their investors after all that has happened?

$ 0.00
4 years ago

It will be difficult, and in DeFi people are looking to earn money, not to join protocols that can put their money in danger. This time they didn't lose because their assets have insurance, but what about tomorrow?! And to note that this firm allowed 3 hacks in a couple of months, losing barely $9M, they definitely lost trust.

$ 0.00
4 years ago

Nice article, very informative to us.

$ 0.00
4 years ago

Thanks for the compliment mate🙌

$ 0.00
4 years ago

This is concerning...I think DeFi has become the new wild west, since crypto was already considered to be the wild west.

I see comments below about proper coding, and audits, but the truth is criminals are extremely intelligent. It would be naive to think hacks are a result of a few individuals. I'm sure there are sophisticated teams of criminals working on exploits with varying degrees of participation among individual members.

Huge tech companies face hacks all the time, and they have enormous resources to tackle that problem. Yet hackers are still successful. I can't imagine a small team on a new project with limited resources.

I think right now, the advantage is with the criminals, and I would be reluctant to invest in new projects for a while.

$ 0.00
4 years ago

So you mean their code is not tried and tested for whether there's a leak or bug. Most often, before they publish some apps or software, it would be passed on to app testers for security.

$ 0.00
4 years ago

Well, it may have passed inspection before going online, but if the code isn't well designed and audited for security purposes to work in smart contracts, it can have bugs, and hackers test this every day and exploit any flaw; in this case, unfortunately, bZx lost $8M.

$ 0.00
4 years ago

It's a huge amount, and they didn't notice for how many days what was going on in their code... it's bad luck for them.

$ 0.00
4 years ago

Actually, they did an update on the code the same day it was exploited; maybe the flaw just happened through human error, because the smart contract was recently audited.

$ 0.00
4 years ago

Nice article

$ 0.00
4 years ago

Nice

$ 0.00
4 years ago

Thank you so much bro, absolutely correct, we need more about that.

$ 0.00
4 years ago

It is important to hire talented programmers to make the code perfect!

$ 0.00
4 years ago

Yes, it's nonsense; those protocols should have great software engineers to create and audit them, or else they will always be a target of criminals.

$ 0.00
4 years ago

And it is still unbelievable they can still manage to keep 6 mil... I would have taken out everything already... 1 time maybe, 2 times no, 3 times never! It reminds me of ETC...

$ 0.00
4 years ago

They still believe they could somehow change something, but they are wrong; that protocol is doomed to fail and, with that, takes people's money.

$ 0.00
4 years ago

From a different point of view, it means that they are improving and they must be getting much, much more careful. I think projects like these are based on very small teams with a resources. And they do have to get their things out... At least they were smart enough to get insurance. As I said, not for me, but this might attract some people as they can only get better.

I would be scared if something like this went unnoticed, to be discovered in some other major chains or worse in ETH or BTC or any other "software".

$ 0.00
4 years ago

Well, they may be a small team, but practically a big firm with almost $21M TVL and with insurance may be perfectly capable of hiring software security engineers who are able to easily detect these flaws, and they also have audit firms working with them!

$ 0.00
4 years ago