Inspiration from the bZx event: an arbitrage manipulation using DeFi protocols and products
Blue Fox Notes
2020-02-18 06:50
This article is about 2,176 characters; reading it takes about 9 minutes.
Hackers launched an attack on bZx during the ETHDenver conference, like a well-planned ambush on DeFi.

Editor's Note: This article comes from Blue Fox Notes (ID: lanhubiji), reprinted by Odaily with authorization.

Hackers launched an attack on bZx during the ETHDenver conference, like a well-planned ambush on DeFi. While the amount lost was modest, it clearly had some impact on the market over the past two days.

What is the bZx event?

Although many people call the bZx incident an "attack", it is essentially closer to an arbitrage manipulation using DeFi protocols and products. The "attack" made full use of the functions of several DeFi protocols and products to obtain funds at very low cost, then realized a profit by manipulating prices. The whole operation took a little over ten seconds, roughly the time of one Ethereum block; it happened in Ethereum block 9484688 on February 15, 2020.

The whole operation is roughly as follows:

In the second step, having obtained 10,000 ETH (the dYdX flash loan that is repaid in the fifth step), the "attacker" deposits 5,500 ETH into Compound as collateral and borrows 112 WBTC. This 112 WBTC is prepared for the later sell-off.

In the third step, the attacker deposits 1,300 ETH into bZx, opens a bZx margin position, borrows 5,637.6 ETH, and swaps it for 51.3 WBTC through Kyber's Uniswap reserve, causing enormous slippage.

In the fourth step, with the WBTC price on Uniswap pushed up by more than 3 times, the attacker sells the 112 WBTC borrowed from Compound, which returns 6,871.4 ETH.

In the fifth step, the attacker repays the 10,000 ETH dYdX flash loan. At this point the attacker's balance is 71.4 ETH: the 6,871.4 ETH from the sale plus the unused 3,200 ETH add up to 10,071.4 ETH, so after repaying the flash loan 71.4 ETH remains. In addition, the attacker still holds positions in Compound and bZx: in Compound, 5,500 WETH of collateral and a 112 WBTC debt; in bZx, a 4,337 WETH debt and 51 WBTC of collateral (the bZx part cannot). At the market price, about 4,300 ETH buys 112 WBTC, so by repaying the 112 WBTC (costing about 4,300 ETH) the attacker recovers the 5,500 WETH, a net gain of 1,200 ETH. Adding the earlier 71.4 ETH gives a profit of about 1,271.4 ETH, which at the ETH price of about US$280 at the time is roughly US$350,000.

The flip side of permissionless composability

Permissionless composability is a unique attribute of DeFi, but it is also a double-edged sword: once a problem occurs in one protocol, it also affects other protocols or products. This zero-cost "attack" used functions of different DeFi protocols and products, such as flash loans, margin trading, collateralized lending, and decentralized exchange. The protocols and products involved cover almost half of the DeFi field: dYdX, Compound, Uniswap/Kyber, bZx, and so on.

This "attack" could be carried out because of the composability of these permissionless DeFi protocols and products. Its power lies in the fact that the attacker used no funds of their own, operating entirely through DeFi protocols and products. The key point is that flash loans require no collateral as long as they are repaid within one Ethereum block. Because no assets need to be pledged, the flash loan was also the starting point that let this bZx "attack" profit without putting up any capital. In addition, the 5x margin trade allowed the attacker to borrow a large amount of tokens at low cost. Still, reaching the goal required price manipulation, at the core of which was the WBTC/ETH price: pulling WBTC up to about 3 times its normal price and then selling it for a gain.

In fact, this is not the first incident of its kind. Blue Fox Notes previously discussed the "attack incident" on Synthetix in "DeFi and the economic crisis in the crypto world".

Increased Demand for Decentralized Oracles and DeFi Insurance

Because of DeFi's potential security issues, the bZx incident brought decentralized oracles and DeFi insurance back into view. After the incident, bZx plans to work with the decentralized oracle project Chainlink to prevent price manipulation. Beyond Chainlink, other decentralized oracles will also be in demand; after all, relying on a single oracle is relatively risky. Tellor, Dos, Band, Nest, and others are all exploring decentralized oracles. For more on decentralized oracles, please refer to the previous article "
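The mechanism in the steps described earlier (one large swap against a thin pool moving the spot price several-fold inside a single block) and the oracle discussion in this section both come down to how a lending protocol prices collateral. The following Python model is an added example written for this page, not code from the article, bZx, Uniswap, Kyber or Chainlink. It uses a constructed constant-product pool with made-up reserves (1,000 ETH / 25 WBTC), a constructed price history and constructed price feeds, and compares three ways a protocol could read the WBTC price: the raw AMM spot price, a time-weighted average over previous blocks, and the median of several independent sources. The point is the defensive one: a collateral valuation read from a single pool's spot price can be moved by whoever can push one large trade through that pool, while the averaged and multi-source readings barely move.

```python
from dataclasses import dataclass
from statistics import median


@dataclass
class ConstantProductPool:
    """Minimal x*y=k automated market maker. Reserves are constructed for the
    example and do not correspond to any real Uniswap or Kyber reserve."""
    eth: float
    wbtc: float

    def spot_price(self) -> float:
        """Marginal price of 1 WBTC in ETH, which is what a naive oracle reads."""
        return self.eth / self.wbtc

    def buy_wbtc(self, eth_in: float) -> float:
        """Swap eth_in ETH for WBTC. The product of the reserves stays constant,
        so a large order drains WBTC from the pool and moves the price sharply."""
        k = self.eth * self.wbtc
        new_eth = self.eth + eth_in
        new_wbtc = k / new_eth
        wbtc_out = self.wbtc - new_wbtc
        self.eth, self.wbtc = new_eth, new_wbtc
        return wbtc_out


def single_block_swap(pool_eth=1000.0, pool_wbtc=25.0, eth_in=1000.0):
    """One large ETH->WBTC swap against a thin pool, as can happen inside a
    single block. Returns the spot price before and after and the multiplier."""
    pool = ConstantProductPool(pool_eth, pool_wbtc)
    before = pool.spot_price()
    received = pool.buy_wbtc(eth_in)
    after = pool.spot_price()
    return {"before": before, "after": after,
            "wbtc_received": received, "multiplier": after / before}


def twap(price_history):
    """Time-weighted average over past block observations (equal weight per
    block assumed): one manipulated block is diluted by the honest ones."""
    return sum(price_history) / len(price_history)


def median_of_sources(source_prices):
    """Median across independent feeds: one manipulated venue cannot drag the
    aggregate past the next-closest honest source."""
    return median(source_prices)


def collateral_value_eth(wbtc_amount, wbtc_price_eth):
    """ETH a lender would credit for a WBTC position at the given price."""
    return wbtc_amount * wbtc_price_eth


def oracle_comparison():
    """Value the same WBTC collateral under three oracle designs while the
    pool price is manipulated. The history, feeds and collateral amount are
    constructed values for the example."""
    swap = single_block_swap()
    manipulated_spot = swap["after"]
    honest_history = [swap["before"]] * 9          # 9 earlier, unmanipulated blocks
    twap_price = twap(honest_history + [manipulated_spot])
    feeds = [manipulated_spot, 40.0, 41.0]         # manipulated pool + 2 honest feeds
    median_price = median_of_sources(feeds)
    wbtc = 50.0                                    # constructed collateral amount
    return {
        "spot": manipulated_spot,                  # 160.0 ETH per WBTC (4x)
        "twap": twap_price,                        # 52.0
        "median": median_price,                    # 41.0
        "collateral_at_spot": collateral_value_eth(wbtc, manipulated_spot),
        "collateral_at_twap": collateral_value_eth(wbtc, twap_price),
        "collateral_at_median": collateral_value_eth(wbtc, median_price),
    }


if __name__ == "__main__":
    for key, value in oracle_comparison().items():
        print(f"{key:>22}: {value}")
```

In the constructed pool, a single 1,000 ETH order quadruples the spot price of WBTC; a lender valuing collateral at that spot price would credit 8,000 ETH for 50 WBTC, versus 2,600 ETH under the ten-block average and 2,050 ETH under the three-source median. The exact figures are artifacts of the made-up reserves; what carries over is that the spot reading tracks the manipulation one-for-one while the other two designs require the manipulator to hold the price across many blocks or corrupt a majority of sources.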
