Here's How The bZx Protocol Knowingly Rekt DeFi

Written by Benji | Published 2020/02/28


A hacker or group of hackers exploited the bZx Protocol twice in under a week, profiting almost USD 1M. In the infographic below, we cover the technical details behind the exploitation.
We then go on to explain how this hack is the result of conscious negligence from the bZx team.
The Hack, Explained.
bZx uses only Kyber as its oracle, which makes it easier for a hacker to target the protocol. However, after the attack, the team tweeted…
Not only did the hacker expose weaknesses in the protocol, the attack also raised the question of how “decentralized” DeFi platforms really are.
Charlie Lee, founder of Litecoin, chimed in to call DeFi a “decentralized theatre,” a legitimate quip given that bZx not only paused its platform, but used the master key to reverse some of the losses.
bZx, which maintains the Fulcrum protocol, used an “administrator key”: a key that is built into the protocol and allows the team to control the smart contracts where the funds are stored. That proves there is a centralized entity that users have to trust, rather than the protocol removing this trust as DeFi is supposed to do.
There’s More to the Story.
One great problem here is the bZx team’s incompetence at handling disastrous events and its absolute disregard for users’ funds.
Not only did they get hacked (twice within days), they also used their master key to try to revert some of the losses, making the concept of DeFi moot by showing the public that their “decentralized” finance protocol is both unsafe and centralized. This highlights why developers should avoid self-managing their PR, as one protocol single-handedly brought into question the viability of the entire DeFi ecosystem.

It gets better — or rather, worse

The bZx team admitted to having unaudited contracts on mainnet, then denied, chopped, and delayed payments to those who helped them, and refused to notify users about a problem they were aware of.
The team’s conscious decision to avoid warning users of the potential for a major loss of funds shows that the team neglected its responsibility to protect users’ funds, and the fact that users’ funds were lost due to a central point of negligence only further strains the DeFi boom narrative.

Published by HackerNoon on 2020/02/28