bZx, a DeFi platform that offers decentralized lending, borrowing, and trading, has reassured clients that “all users have ZERO losses” after an attack on the protocol. The platform posted a 7-part Twitter thread explaining that what appeared to be a hack was more like a huge loan that, as long as it was honored, would in fact be of a huge benefit to the lending pool and the platform alike.
Funds are SAFU:
1/*All users have ZERO losses*. Last night there was a widely reported attack that took place against our protocol. From the perspective of the protocol, someone simply took out a loan. From the perspective of the lender, this loan is like any other.
— bZx (@bzxHQ) February 15, 2020
“Portion of ETH Lost”
Reports of an attack on the platform emerged on Saturday as Kyle Kistner, bZx co-founder, informed the project’s Telegram community that the ecosystem had been compromised:
There was an exploit executed against the contract. There was a portion of ETH lost. We have paused the contract except for lending and unlending. We are still consulting with the relevant security researchers to understand the precise cause of the issue. We will be publishing a more in-depth post-mortem. The remaining funds are safe.
Initial estimates suggested that at least $350,000 in ETH had been stolen through the attack. Initial suggestions were that the attacker seemed to have leveraged the increasing complexities across the multiple DeFi protocols offered by bZx to manipulate the system and extract the ETH, but with the hack still being investigated there is nothing to confirm or deny this suggestion.
Just a Big Loan?
bZx has tried to equate the event to a large loan, stating that “As long as it is a permanent borrower, it is a great boon to lenders.” They even ask the community to “stand by this borrower and ensure that they continue to pay interest”, which is a very odd turn of phrase. Are they supposed to cheer the borrower on from the sidelines, or send them messages of support?
bZx explains that there has been a run on iETH, the type of ETH that lenders offer up for lending, which is understandable in the circumstances, but explains that the attacker has left $600,000 in wBTC as collateral which they will be using to “stream interest and exit liquidity to existing iETH holders.”
A Cause for Concern for DeFi
While it is good news that actual user funds are safe, the suggestion that the lending pool can only remain healthy is if this ‘attacker’ pays back what they have borrowed at the same high rate of interest is a little worrying and somewhat confusing. Hopefully the situation will become clearer after the “post mortem” is carried out and the results presented.
