Join the hunt for $12,000,000+ in NEXO Tokens!

Learn More

bZx Recovers $8.1M Lost in Third Exploit

Will a third exploit spell the end of bZx, or can the protocol bounce back for the fourth time?

Bitmex user emails were leaked

Key Takeaways

  • bZx marked it's third exploit of 2020, losing $8.1 million of funds to a vulnerability in the code.
  • The BZRX token fell by 30% in the aftermath of the incident, as the burden of the loss was shifted to the insurance fund.
  • bZx's fate rests with the broader DeFi community and whether they decide to return to the protocol as users.

Share this article

Less than two weeks after re-deploying on mainnet, bZx was exploited for $8.1 million of LINK, ETH, and stablecoins. The incident caused the BZRX token to fall over 30%, as the value of the token secures protocol deficits.

Shortly after the exploit, however, the team confirmed that they had tracked the attacker down and have recovered the lost funds.

How Many Times Is Too Many?

Earlier this year, the team behind bZx paused the protocol after two consecutive hacks caused a mass outflow of capital. Promising to come back stronger, bZx built a new iteration of the product over six months. The protocol was finally deployed again on Sept. 2.

In less than two weeks, and bZx had been attacked once again.

This time, however, the loss is exceptionally higher than before. Given prevailing prices at the time of the hacks, bZx had been previously exploited for $330,000 and $640,000, respectively.

The latest hack saw $8.1 million of customer funds lost.

bZx’s iToken’s were deployed with a bug that allowed users to increase their balances artificially. The platform’s sustained losses were as follows:

  • 219,199.66 LINK ($2.61 million)
  • 4,502.70 ETH ($1.65 million)
  • 1,756,351.27 USDT
  • 1,412,048.48 USDC
  • 667,988.62 DAI

The insurance fund will bear the liability for these losses. Since the BZRX token derives a portion of its value from the insurance fund, its price tanked 31% yesterday.

BZRX is down 74% since peaking on Aug. 31.

BZRX price chart
Source: TradingView

Even after writing new code, employing fresh audits, and coming back to mainnet, bZx cannot seem to catch a break – and neither can their investors.

In a blog post dissecting the incident, bZx attributed the multiple hacks to the protocol being “the most powerful, fully functioned lending protocol in the space, and this means that there is a lot of code to cover.”

Smart contracts are challenging, but suffering three exploits in seven months is absurd.

The fate of bZx is now solely in the hands of the DeFi community. Whether users will return to the protocol remains to be seen.

Editor’s update [28.10.2020, 09H50 UTC]: This article has been updated to show that the bZx team has recovered the lost funds in question.

Share this article