bZx has announced a raft of new measures to tackle the ‘hacks’ that have seen the platform lose hundreds of thousands of dollars in a matter of days. The measures include adding in a Chainlink oracle sooner than planned and removing timelocks from contracts, with limited functionality set to resume once the changes have been applied.
1/ WHAT WE KNOW SO FAR: There was a second attack. This attack was completely different from the first. This time it was an oracle manipulation attack, a modified version of the original exploit we worked closely with @samczsun to fix: https://t.co/lDcyDQf44i
— bZx (@bzxHQ) February 18, 2020
Users Suffer No Losses
bZx has been forced to act after two separate incidents in which individuals gamed the complex system of loans and margin trades that bZx operates, walking off with over 3,500 ETH. In a series of tweets posted yesterday, bZx gave a little more detail on the second attack and outlined the steps it is taking to guard against future attacks.
bZx stated that they were once again able to “delay the realization” of the $600,000 loss caused by the second attack, with the result that the system should be able to recover. As before, there was no loss of funds to users, with the attacker again playing the various elements of the bZx ecosystem off each other to make off with a handsome profit.
In this case the individual manipulated the APR and Uniswap pools within the sUSD reserve on the Kyber exchange, allowing them to “bypass our check of both sides of the spread.” In consequence, bZx plans to allow traders and borrowers to close their positions but not ‘mint’ the resulting tokens. For the immediate future they will not be able to realize their gains until bZx has the Chainlink oracle in place to reconcile the transactions, which bZx hopes will negate fraudulent activity.
DeFi’s Growing Pains a Natural Part of Evolution
The two attacks have caused many in the space to question the readiness of DeFi applications to challenge the practices of the established financial industry. In truth, DeFi applications are going through the same growing pains that any new technology does, as crypto itself knows only too well. While incidents such as these are unfortunate, they are inevitable and, one could argue, important, as they help guide platforms like bZx on the path towards success.
To quote Robin Sharma, “change is hard at first, messy in the middle, and gorgeous at the end”. Let’s hope DeFi is just as gorgeous as it promises to be.