Ethereum-based DeFi platform bZx recently reported a major exploit that resulted in $350,000-large loan.

The bZx team stated that there is no actual loss, but the situation is very complex.

The mentioned amount is only a rough estimate, as determining the precise amount is difficult due to complexity, but the team assured users that they will not be affected.

This weekend, numerous services offered by Ethereum network’s seventh-largest DeFi platform — bZx — ended up frozen due to an exploit of the so-called ‘flash lending.’ The exploitation involved $350,000, which is estimated to be around 2% of all the assets that the platform has under management. bZx’s team, however, stated that it is impossible to estimate how much was taken, exactly.

On February 15th, the platform simply announced on Twitter that Fulcrum has been taken down for maintenance, promising to release further details soon.

Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.

Fulcrum has been taken down for maintenance. Details to follow.— bZx (@bzxHQ) February 15, 2020

In another tweet, they noted that the official report will be delivered today, February 17th, at 5 pm. The delay comes due to the complexity of the transaction, which made an accounting of the losses complicated and time-consuming. We know that everyone is waiting patiently for the official report. We can confirm It will be released at 5pm MST on Feb 17th, 2020. Set your clocks! We appreciate your patience.— bZx (@bzxHQ) February 17, 2020

Another report by TrustNodes stated that bZx will integrate Chainlink in order to diversify its price sources, according to what the team said during earlier consultations. A representative from bZx then confirmed that the integration of ChainLink will indeed, occur.

What actually happened?

Despite the gravity of the exploitation, the team assured users that no lender will be affected by the attack in any way. 5/ We will be issuing a more detailed post-mortem as soon as possible. Right now, we wanted to simply reassure users that the funds are in fact safe. No lender will be affected by the attack. Lastly, we apologize to our traders who have come to depend on our consistent up-time.— bZx (@bzxHQ) February 15, 2020

They also pointed out that the platform did not suffer a traditional hacking attack. From the perspective of the protocol itself, someone simply requested a loan, which is, in theory, like any other. Funds are SAFU:



1/*All users have ZERO losses*. Last night there was a widely reported attack that took place against our protocol. From the perspective of the protocol, someone simply took out a loan. From the perspective of the lender, this loan is like any other.— bZx (@bzxHQ) February 15, 2020

The issue lies in the fact that the ‘attacker’ borrowed 10,000 ETH ($2.67 million) in a flash loan, which is a code-based lending operation that lets traders borrow and return funds over brief periods. The attacker then sent half of the amount to another DeFi protocol, Compound, while the rest went to bZx. Following the deposits, the attacker shorted WBTC on bZx, and then borrowed 112 WBTC ($1.1m) on Compound. They then sold the amount on UniSwap, a third DeFi market.

While the move was rather complex, the team also stressed that there is no actual loss, and as long as the borrower returns the money with interest, the pool will remain as healthy as it was so far. In other words, there is no reason to panic. Despite this, the price of iETH briefly dropped, only to return to regular height after a while.