Skip to main content

Hackers steal $8 million worth of cryptocurrencies from DeFi Protocol bZx

 


  • The hackers stole over $8 million worth of crypto funds due to a vulnerability found in the bZx system.
  • The bZx protocol suffered its first attack this year, as a hacker siphoned $1 million from the system.
  • In each of the first attacks, the hacker used different methods to steal funds from the Defi lending protocol.

Hackers were able to infiltrate the DeFi lending protocol bZx and stole more than $8 million worth of cryptocurrencies. This is not the first time the DeFi protocol has been attacked this year.

This time, the hackers were 8 times more potent than the previous attack on the margin and leverage-based trading and lending platform. The hackers leveraged a duplication vulnerability that gave them access to siphon USDCUSDTETH, and LINK, with a combined worth of over $8 million.

Anton Bukov, a team member of the bZx group shared a thread on Twitter to admit that the firm was hit by another attack. He also said the hacking was initiated due to the fault in the line of code for a smart contract. The hacking was successful after the hackers initiated the iToken transactions to siphon ETH.

How the attack occurred

When researchers delved deeper to find out how the hackers were able to infiltrate the DeFi protocol again, the report showed that there was a vulnerability in the “transferfrom0 protocol”, which allowed the successful transfer of ERC20 between protocols.

This made it easier to initiate the function when creating and transferring the iToken, giving the hackers the avenue to increase their balance. The hackers were able to initiate a transfer function using the same form & to address of the main function. Immediately after that, they used an InternalTransferFrom function with a single argument, allowing the lines to code faulty.

Subsequently, the hackers were able to increase the balance of –balancesTo while reducing the –balancesFrom, based on the report. After stealing $8 million from the DeFi protocol, the bZx hackers immediately patched the faulty code. After code coding companies Peckshield and Certik approved, the DeFi lending protocol decided to patch the code.

This is not the first time bZx has been attacked

With this recent spate of attacks, it seems bZx is facing a hard time this year. Based on an earlier report, a hacker successfully stole $1 million worth of ETH from the portal in two successful attempts in February.

In the first attack that occurred on February 14, the hacker made use of different methods in the attacks. First, the hacker took 10,000 ETH from dYdX and took a 112 wBTC loan on compound using 5,500 ETH.

In the second attack, which occurred four days later, the attacker drained the system off $600,000 by leveraging ‘oracle manipulation’ to cheat the system.

Source: invezz.com

Comments

Post a Comment

Contact us

Name

Email *

Message *

Popular posts from this blog

For my haters

₿  This is for people who told me to not put my money in Bitcoin 10 years ago 😂 RIP doubters and haters. #Bitcoin 💀 pic.twitter.com/sbuDljJtMv — Carl ₿ MENGER ⚡️🇸🇻 (@CarlBMenger) May 13, 2025
Post a Comment
Read more

Coinbase to Require Recipient Information for Crypto Transfers From Users in Canada, Singapore and Japan

  Customers in those countries who send crypto outside their Coinbase accounts must provide recipients’ names, addresses and in some cases, additional information, as of early April. Cryptocurrency exchange Coinbase Global (COIN) will soon require its customers in Canada, Japan and Singapore who send cryptocurrency to another financial institution or exchange to provide the name, address and in the case of Japan, the destination wallet of the recipient. Coinbase has been sending notices to its customers in those countries that the changes will take effect in early April in order to comply with local travel rules in those places. Coinbase didn't immediately respond to requests for additional comment on the moves, but confirmed that they were taking place. The move  does not seem to be going over well  with Coinbase customers in those countries, who value the anonymity of transactions using cryptocurrency. According to a  FAQ provided by Coinbase , for Canadian users, ...
Post a Comment
Read more

Jupiter plugin on your site

 Jupiter launches Jupiter Plugin , a customizable plugin that doesn't require RPC. PANews reported on August 7th that Jupiter announced the launch of the Jupiter Plugin.  This is an open-source, lightweight, plug-and-play version of Jupiter that allows users to seamlessly integrate end-to-end swap functionality into their applications with minimal effort.  Users can deploy it by simply adding a few lines of code.  Seamless Integration Embed Jupiter's Swap functionality directly into your application without redirection.  Multiple display options: Choose between integrated, widget or modal display modes.  Customizable options: Configure the exchange form to suit your application needs.  No RPC: Plugins can be integrated without any RPC, Ultra is responsible for handling transaction sending, wallet balance and token information.  Ultra Mode: Access all Ultra Mode features. Enjoy!
Post a Comment
Read more