The attacker withdrew $ 350,000 from the bZx DeFi platform, spending less than $ 9 on commissions

The bZx platform lost $350,000 or about 2% of its total assets under management due to the actionsan attacker who used various DeFi protocols to implement his plan. It is reported by CoinDesk.

During the attack, the project team participated inHackathon ETH Denver. Shortly after identifying problems and the subsequent closure of the Fulcrum trading platform, the company confirmed its intention to compensate users for losses.

</p>

Head of bZx collaborative startup Staked TimOgilvy said that the attack was made possible thanks to the use of so-called instant loans by the attacker. This new financial service involves the receipt and repayment of credit in a short period of time, for which, as it turned out, you can carry out manipulations.

According to Ogilvy, the attacker received a flash loan of 10,000 ETH, worth about $ 2.67 million. After that, he divided the funds by sending 5000 ETH to Compound, and the other half to bZx.

Then the attacker opened a short position onWrapped Bitcoin (WBTC) via bZx and almost immediately took 112 WBTC (about $ 1.1 million) on the Compound service, which it then sold on the non-custodian exchange Uniswap.

Ogilvy emphasized that selling WBTC with Uniswap put pressure on the price of this Ethereum token, making the short position extremely profitable.

“There are big risks. This is a new area, it is developing rapidly, which means that some things can break. ”- said the head of Staked.

According to Trustnodes, the commission costs for the entire complex of operations with tokens cost the attacker only $ 8.71.

Previously, developers of the largest DeFi platformMakerDAO fixed a critical vulnerability in updating the protocol, which could lead to the loss of 10% of the total collateral of users of DAI token