$55M Stolen from DeFi Lender bZx
According to a
tweet by a blockchain ecosystem auditors SlowMist, bZx has suffered a hack
reportedly of $55 million. bZx is a Decentralized finance (DeFi) margin lending
protocol that runs on Ethereum, Polygon and Binance Smart Chain.
The attackers send one of the team members malware embedded in an email attachment as per analysis and thereby managed to get access to bZx private keys, controlling Binance Smart Chain BSC and Polygon deployments. Then the stolen BZRX deposited as collateral by attacker to borrow other funds on the protocol. Those who had given unlimited approvals to those contracts got affected including lenders, borrowers, and farmers.
A preliminary report was released by bZx which highlights the attack method, timeline, and repercussions. As the protocol team said, “personal losses from the team wallet that was compromised” were consists of 25% of the hacked amount. As it stated, "The bZx smart contracts themselves were not compromised. This incident only impacted the Polygon and BSC deployments via a compromised key." In which Ethereum contracts weren't compromised. Investigation for the incident is yet going on.
Other hacks suffered by bZx:
This hack was not the first time. In year 2020, bZx suffered three hacks. In the month of February, two hacks took place for $630,000 and $350,000 respectively. In September 2020, the third hack took place which was largest out of these attacks. Around 30% of the funds that was locked into the bZx protocol were drained through this exploit. The protocol was though paused and $8 million in cryptocurrency were recovered.
CBW - External Analyst