
Editor's Note: This article comes from Honeycomb Finance News (ID: fengchao-caijing), Author: Hoho, reprinted by Odaily with authorization.
On February 15th and 18th, the attackers took advantage of the "contract loophole" of the DeFi lending protocol bZx twice, and successfully "arbitraged" nearly one million dollars in less than 15 seconds.
Although the developers of the bZx protocol used emergency administrative permissions and successfully locked part of the attacker's proceeds, the public use of a one-click pause function has also drawn doubts from the market.
Not only that, on the day bZx was attacked for the second time, the value of locked assets in the DeFi ecosystem fell by 142 million US dollars within a few hours, and a crisis of trust in the DeFi ecosystem broke out.
Some people regard this as the "DeFi death knell", while others regard it as growing pains. It is an undeniable fact that the bZx incident made the crypto community take notice of a DeFi ecosystem that has not yet matured. At the same time, it serves as a warning to every entrepreneur engaged in the development of DeFi applications.
bZx attackers arbitrage nearly a million dollars in three days
"Borrowing other people's money anonymously to attack the project, and finally returning it to escape, this is impossible under the traditional financial system." On February 24, Richard Ma, co-founder of the smart contract audit company Quantstamp, said this on Twitter, sparking a lot of discussion.
It has been 6 days since the assets of the DeFi lending protocol bZx were stolen, and the negative impact of the incident is still continuing.
On February 15th, in less than 15 seconds, the time of a single Ethereum block, an attacker used the "contract loophole" of the DeFi lending protocol bZx to call smart contracts back and forth between 5 DeFi products, and successfully "arbitraged" $350,000 worth of tokens at zero capital cost. Three days later, bZx encountered a similar attack again, and tokens worth $640,000 were successfully stolen.
Taking the first arbitrage as an example, the "attacker" first deposited 5,500 of the 10,000 borrowed ETH into the collateralized lending DApp Compound and borrowed 112 WBTC. WBTC is a tokenized version of Bitcoin, exchangeable with Bitcoin at a ratio of 1:1.
After that, the attacker took 1300 of the remaining 4500 ETH, deposited it into the lending protocol bZx, borrowed 5637 ETH with 5x leverage, and immediately converted it into WBTC. Since bZx is connected to the token trading protocol Kyber, which can route to the WBTC trading pool in the decentralized trading protocol Uniswap, the price of WBTC was pushed up.
The attacker obtained 51.34 WBTC through this series of operations, but this step had not yet produced any income. At this point, the price of WBTC had more than tripled on Uniswap.
The arbitrage happens at the last step. The attacker sold the 112 WBTC borrowed from Compound at a high price through bZx and obtained 6871.4 ETH, which not only cleared the original debt of 5000 ETH but also successfully arbitraged about 1271 ETH, or about $350,000.
Yudan believes, "In the DeFi ecosystem, price sharing should be a good thing. Everyone shares a market to prevent other risks caused by price inconsistencies in each DeFi application. But it also introduces the risk of over-reliance on third-party prices. When the third-party price market is artificially manipulated, DeFi projects that rely on these third-party data may suffer losses."
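As an added illustration (not from the original article and not bZx, Kyber or Uniswap code), the Python model below shows why one large swap moves a constant-product pool's spot price, and how a lending protocol can refuse a spot price that deviates from a time-weighted reference. The reserves, price history, 10% threshold and function names are constructed assumptions; only the 5637 ETH swap size comes from the article.

```python
# Added example: constant-product pool model plus a price-deviation guard.
# Reserves and price history are constructed values, not on-chain data.
from dataclasses import dataclass

FEE = 0.003  # 0.3% swap fee, as in Uniswap v1/v2-style pools


@dataclass
class Pool:
    eth: float   # ETH reserve
    wbtc: float  # WBTC reserve

    def spot_price(self) -> float:
        """ETH per WBTC implied by the current reserves."""
        return self.eth / self.wbtc

    def swap_eth_for_wbtc(self, eth_in: float) -> float:
        """Sell eth_in into the pool; x * y = k holds on the fee-adjusted input."""
        k = self.eth * self.wbtc
        wbtc_out = self.wbtc - k / (self.eth + eth_in * (1 - FEE))
        self.eth += eth_in
        self.wbtc -= wbtc_out
        return wbtc_out


def twap(observations, now):
    """Time-weighted average of (timestamp, price) samples up to `now`."""
    total = 0.0
    for (t0, price), (t1, _) in zip(observations, observations[1:] + [(now, 0.0)]):
        total += price * (t1 - t0)
    return total / (now - observations[0][0])


def price_is_sane(spot, reference, max_dev=0.10):
    """Accept the spot price only if it is within max_dev of the reference."""
    return abs(spot - reference) / reference <= max_dev


def simulate():
    pool = Pool(eth=7000.0, wbtc=200.0)               # constructed reserves
    history = [(0, 35.0), (600, 35.2), (1200, 34.9)]  # constructed samples
    reference = twap(history, now=1800)
    before = pool.spot_price()
    ok_before = price_is_sane(before, reference)
    pool.swap_eth_for_wbtc(5637.0)                    # swap size from the article
    after = pool.spot_price()
    return {"before": before, "after": after, "ratio": after / before,
            "ok_before": ok_before, "ok_after": price_is_sane(after, reference)}
```

With these constructed reserves the spot price moves to roughly 3.25 times its starting value within a single swap, so a protocol that prices collateral from the pool's instantaneous reserves accepts the distorted price, while the deviation check against the time-weighted reference rejects it.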
Among the many discussions triggered by the incident, many people regarded the attack as a precise strike against the weaknesses of the DeFi ecosystem. Although the amount lost in the two attacks was not as large as the amounts stolen from centralized exchanges, the two attacks on bZx came only 3 days apart. The security issues of DeFi projects have aroused concern from the industry and users.
Locked assets in the DeFi ecosystem evaporated by 200 million US dollars
On February 18, the day bZx was attacked again, according to statistics from the analysis platform DeFi Pulse, the value of locked assets in the DeFi ecosystem fell by US$142 million within a few hours.
Figure: Locked assets in the DeFi ecosystem fell to 1.08 billion US dollars
According to data, at the beginning of this month, the total value of assets locked in DeFi protocols exceeded the US$1 billion mark for the first time, and reached a record high of US$1.22 billion on February 15. After the bZx incident, the value of locked assets in the ecosystem has dropped from that high point to the current $1.072 billion.
The bZx incident led to a crisis of trust in the DeFi ecosystem. "Everyone is afraid that the locked assets will be lost," some insiders said.
"This is why I don't believe in DeFi." Litecoin founder Li Qiwei (Charlie Lee) bluntly stated on Twitter that most DeFi can be closed by a centralized department, so it is just a decentralized "theater": "Unless we add more centralization, no one is safe from hacks or exploits."
In the face of outside doubts about the DeFi ecosystem, Yang Mindao, the founder of Blockpower, an institutional investor who has observed the DeFi ecosystem for a long time, gave another interpretation. He told Honeycomb Finance, "Compared to DeFi decentralized finance, I prefer the term open finance. Open finance is characterized by openness, transparency and minimal trust. Non-decentralized authority management does not mean a centralized operation."
Yudan also holds the same view. He believes that the outside world should not deny the entire DeFi ecosystem due to this security incident. "The original intention of DeFi is open finance. The launch of a DeFi product also means that there are many unknown risks. The key is the last firewall after encountering the 'black swan' incident, and the operation of this administrator is also open on the chain, and the public can supervise through transactions on the chain."
Yudan believes that in the future, as long as the project party makes good use of such super authority, it will to a certain extent help the project develop better, and that once this centralized super authority is introduced, such authority can itself be completely decentralized, "for example, use multi-signatures to reduce the risk of evil within the project party."
DeFi market size triples, safety meets challenges
If 2018 was the initial stage of DeFi, then 2019 can be regarded as the first year of DeFi development. According to data from DAppTotal, the total locked value of the entire DeFi industry increased significantly, from $302 million on January 1, 2019, to $931 million at the end of the year, an increase of nearly 300%.
DeFi is the abbreviation of Decentralized Finance, also known as open finance. At present, it is mainly active in the Ethereum network ecosystem. After two or three years of exploration and development, it has given rise to financial innovations such as stablecoins, lending platforms, derivatives, prediction markets, insurance and payment platforms.
Control and regulation of the financial system by central institutions is the existing mainstream state. DeFi hopes to establish a transparent, accessible and inclusive peer-to-peer financial system through distributed open source protocols to minimize trust risks.
At present, DeFi has seen well-known applications such as MakerDAO and Compound on the Ethereum network. There are also platforms such as EOSREX on the EOS network. In addition, many emerging public chains, such as Cosmos, Polkadot, and Nervos, have also said that they will focus on the DeFi application field in the future.
Figure: DeFi application top ranking