The DeFi platform bZx has been hacked for the third time this year. This time an unidentified attacker withdrew around $8 million.
⚠️ 📢 UPDATE:
1/ At 3:28 AM EST we began investigating a drop in the protocol TVL. By 6:18 AM EST we confirmed that a duplication incident had occurred with several of the iTokens.
— bZx (@bZxHQ) September 13, 2020
The attacker exploited buggy code that allowed him to duplicate assets. The platform suspended deposits and withdrawals a few hours after the attack.
“The duplication method has been fixed in the iToken contract code, and the protocol has resumed normal operation,” the statement said.
Representatives of bZx issued a separate report with details of the withdrawn amounts: 219 200 LINK (~$2.6 million), 4502 ETH (~$1.64 million), 1.7 million USDT, 1.4 million USDC and 667 989 DAI. The total loss was about $8 million.
Representatives of the project pledged to reimburse users from the insurance fund. They said there is no need to withdraw assets.
The native token of the platform tumbled almost 40% after the hack — from $0.68 to $0.42. At the time of writing, the token was trading around $0.45 (CoinGecko).
Source: CoinGecko.
UPDATE:
On Monday, September 14, bZx said they had returned all stolen funds; the team promised to disclose details later.
📢 UPDATE:
We are relieved to announce that the missing funds are now restored. More information will follow.
Stay tuned!
— bZx (@bZxHQ) September 14, 2020
According to CoinDesk, the attacker returned the assets worth $8 million after DeFi platform specialists traced them with on-chain analytics.
Earlier, the first attack on the DeFi platform occurred in mid-February, when the bZx team participated in the ETHDenver hackathon. The attacker withdrew 1,193 ETH ($350,000), or roughly 2% of the total asset base.
Two days later, unknown parties attacked the platform again. The losses were estimated at 2,388 ETH ($645,000).
Follow ForkLog news on VK!