Decentralized Finance (DeFi) lending protocol, bZx, has been hit by the third exploit this year. This time, it is believed that the hackers made off with approximately $8 million worth of digital assets. The exploit comes just days after the project’s team relaunched on mainnet in an attempt to breathe new life into the protocol.
bZx’s native token, BZRX, plunged by over 25% after the latest hack.
The Nature Of bZx’s Third Exploit
The bZx protocol was exploited for the first time on February 14, as indicated by the post-mortem report. The attacker used the flash loan functionality to take full advantage of the platform’s utilization of a price oracle. The bad actor subsequently netted $350 million in profits from the attack.
Less than a week later, attackers conducted a similar attack on the network and left with nearly $635,000. These exploits paralyzed the protocol, forcing the team to take strong measures to get it up and running again. Specifically, bZx launched a new version of the project on September 2.
Unfortunately, bZx suffered another attack over the weekend. The hack stemmed from a bug that allowed the attackers to duplicate a handful of the iTokens. DeFi enthusiast and the co-founder of 1inch.exchange, Anton Bukav, revealed the nine duplicating transactions that allowed the attacker to duplicate 101,778 iETH tokens estimated to be worth around 4.7K ETH.
The lending protocol also reported the loss of 667,989 DAI, 1,756,350 USDT, 219,199 LINK tokens and 1,412,048 USDC. These losses totaled to around $8.1 million. Notably, the losses are significantly higher this time than in the previous two hacks.
The team behind the protocol has announced that the duplication method has been removed from the iToken contract code and normal functioning resumed. Additionally, the missing funds have been restored.
The Exploit Sparked A 25% BZRX Sell-Off
The price of bZx’s governance token, BZRX, took a mammoth beating earlier on Monday, plummeting as much as 25% as investors endured the recent hack. BZRX is valued at $0.52074 at the time of publication.
Nevertheless, $495.1K is still locked in the bZx DeFi protocol, according to DeFi Pulse. This is, however, a colossal decline from the $2.328 million locked on September 2.
The exploits on bZx come in the light of yield farming that has taken the crypto community by storm and ignited the DeFi frenzy. Nonetheless, it should be noted that Ethereum co-founder Vitalik Buterin has previously warned about the risks of smart contract security exploits in decentralized finance. Buterin had stated during an interview in late-July:
“DeFi is still fine, but don’t act like it’s a place where you should advocate for a lot of regular people to put their life savings into.”