Decentralized finance (DeFI) protocol bZx has suffered a second attack, with a hacker this time making over $630,000 worth of ether thanks to a flash loan that manipulated the price of sUSD.
The attack seemingly saw a hacker take out a flash loan for 7,500 ETH and use half of it to buy the sUSD stablecoin close to the $1 mark. The funds were then subsequently used on bZx as collateral, and part of the initial loan was used to buy more sUSD on the Kyber and Uniswap exchanges to drive its price to over $2.
This way the attacker managed to take out a larger loan and borrow nearly 6,800 ETH on bZx. The funds were used to repay the original flash loan. His total profit was of 2,378 ETH, at press time worth over $630,000.
borrow +7500 ETH
-3518 ETH to buy sUSD from depot at $1
deposit the sUSD into bzx as collateral-900 ETH bid up the value of sUSD through kyber
borrow +6796 ETH from bzx
repay -7500 ETHprofit 2378 ETH
thx do i get a bounty @bzxHQ @synthetix_iohttps://t.co/REuFHFtRfO https://t.co/xQ7zM9Y113
— 찌 G 跻 じ ⚡️ 🔑 (@DegenSpartan) February 18, 2020
On bZx’s Telegram channel one of its co-founders, Kyle Kistner, noted the attack appeared “to be an oracle manipulation attack” before details of what happened were revealed. This is the second attack the DeFi lending platform suffers in four days, with the first one seeing hackers take over 1,190 ETH from it.
The first attack saw hackers take out a 10,000 ETH loan on dYdX to send half to Compound and half to bZx. On Compound, the user borrowed 112 wrapped bitcoin tokens (wBTC) using the ETH, and then entered a short position for 112 wBTC on bZx. Using the funds from Compound, the user lowered the tokens’ price via Uniswap.
Both exploits took advantage of so-called flash loans, which are loans both issued and paid in a single transaction. The first is believed to have compromised roughly 2% of the total assets under management of bZx’s Fulcrum platform, used to margin trade and take out loans.
Following the first attack, bZx stated using Chainlink’s solution to red-flag suspicious transactions. Its protocol was paused after both attacks.
Featured image via Pixabay.