QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$918 000 USD
FEBRUARY 2020
GLOBAL
BZX
DESCRIPTION OF EVENTS
"bZx (formerly known at b0x) was conceived in August 2017." "bZx was founded by Tom Bean, a self-starter with years of experience working with top-profile car companies using GPS technology." "The project first started publicly marketing themselves during ETHDenver in 2018. Since then, the protocol published their formal whitepaper in February of 2018, followed by a testnet release in April and a full mainnet launch in August of the same year." "The bZx team currently lists 8 team members and 3 advisors on their official website."
"bZx is a set of smart contracts built on top of Ethereum that allows people to lend and margin trade without having to rely on third parties." "Fulcrum is a powerful DeFi platform for tokenized lending and margin trading." "Fulcrum is a decentralized margin trading platform. There is no need for any verification, KYC or AML." "It is the first and only completely trustless platform for margin; it does not use centralized price feeds or centrally administered margin calls. It is permissionless and rent free; there are no fees and no accounts. Fulcrum is built on the bZx base protocol and extends the protocol by allowing both loans and margin positions to be tokenized." "Enjoy a frictionless trading experience with positions that automatically renew and zero rollover fees."
"bZx has been heavily focused on solidifying strong industry partnerships with key players including but not limited to MakerDAO, Kyber, ChainLink, Augur and Set Protocol." "The bZx base protocol [was] audited by leading blockchain security auditor ZK Labs."
"[T]he attack was launched on Valentine’s day on February 14th during ETHDenver. At that time, bZx’s team has been out attending the event." The team "immediately returned home from the[ir] tBTC happy hour." "The series of transactions were extremely complex and did not yield to a straightforward chain analysis. We made the determination that the attack could continue, that lender funds were at risk, and that we needed to take steps to disable the attack." "bZx team announced on the bZx’s official Telegram channel, saying that there was an “exploit executed” against the bZx protocol and that the firm has paused that protocol, “except for lending and unlending.”"
"First, the attacker borrowed 10,000 ETH from dYdX – a decentralized lending protocol. He then used 5,500 ETH to collateralize a loan for 112 wBTC on Compound – another lending protocol. After that, he spent 1,300 ETH to open a 5x leveraged ETH/BTC short position on the Fulcrum trading platform of bZx, while also borrowing 5,637 ETH through Kyber’s. This amount he swapped for 51 wBTC, causing a serious slippage." "This allowed the perpetrator to profit from swapping the 112 wBTC from Compound to 6,671 ETH and generate an income of 1,193 ETH. That’s roughly around $318,000. At the end of it all, the attacker paid back the 10,000 ETH loan on the dYdX protocol that he had taken before." "The team identified a safeguard that was bypassed. There was a safety check that did not fire, caused by a logic error in flagging the loan as overcollateralized. Overcollateralized loans don’t involve swaps, which bypasses the final slippage check."
Attack procedure: "(1) A flash loan from dYdX for 10,000 ETH was opened. (2) 5500 ETH was sent to Compound to collateralize a loan of 112 wBTC. (3) 1300 ETH was sent to the Fulcrum pToken sETHBTC5x, opening a 5x short position against the ETHBTC ratio. (4) 5637 ETH was borrowed and swapped to 51 WBTC through Kyber’s Uniswap reserve, causing large slippage. (5) The attacker swapped the 112 wBTC borrowed from Compound to 6871 ETH on Uniswap, resulting in a profit. (6) The flash loan of 10,000 ETH from dYdX was paid back from the proceeds."
"The total profit from this sequence of events was 1193 ETH, currently worth $298,250 @ $250/ETH."
"The bZx team has also officially confirmed [a] second attack." "[T]he attacker managed to extract a net profit from the system of around $600,000, bringing the losses up to more than $900,000 worth of ETH. However, the mechanism of the second attack was completely different than the first one." "The issue at hand had a lot to do with oracle manipulation. Oracles typically represent centralized components that provide external information to on-chain apps." "Aave CEO Stani Kulechov, said that a “flash loan was used to get capital without owning it. The attack was possible without a flash loan as well if the person would have such a big amount of cryptocurrency in possession.”"
"The total number of ethers locked in bZx dropped from roughly 27,000 to 23,000 after the first attack, while the annual interest rate spiked from 0.07 percent on Feb. 14 to 98.18 percent on Feb. 16." "With the surge in interest rates, the amount of ether held as deposits rose from 23,000 to 40,800 by Feb. 18, only to fall back to 23,000 following the second attack. The number slipped further to 17,500 at the end of February."
Some users "had insurance on assets locked up in bZx’s Fulcrum, but after a bug yielded an exploit of its smart contract, a couple of accounts that did were covered by Nexus Mutual, the London-based crypto insurance company." "As soon as the attack was found, claims were made on the Fulcrum smart contract. Mutual fund holders voted those down because at that point it looked like attackers had manipulated the oracles Fulcrum looked at, which didn’t count as a failure of the smart contract itself, in Nexus Mutual’s documentation." Only "two claims worth approximately $31,000 were paid out, according to the company."
The bZx team "acted to delist the whitelisted tokens on the oracle token registry, which was not protected by a timelock." "The team identified a safeguard that was bypassed. There was a safety check that did not fire, caused by a logic error in flagging the loan as overcollateralized. Overcollateralized loans don’t involve swaps, which bypasses the final slippage check." They "addressed the condition that prevented the check from firing in the first place by requiring the check to take place even in the case of overcollateralized loans. The ETHBTC margin tokens were delisted from the oracle token registry. [They] implemented maximum trade sizes to limit the possible scope of any attack."
"Chainlink announced it would be helping bZx upgrade its systems, taking advantage of Chainlink’s recently launched “meta oracle.”"
This is really two separate attacks. In the first case, the hacker created a loan which had no collateral, and the company behind the smart contract (supposed to be decentralized) is taking responsibility for paying this loan over time. The second case was more serious, and involved exploiting an "oracle" or central information source inside the decentralized smart contract to drain further ether. Thankfully in this case it seems that the decentralized platform was managed by an honest team and large effort is underway to patch these exploits, however it does highlight that there are still exploits to be found in smart contracts.
HOW COULD THIS HAVE BEEN PREVENTED?
Smart contract auditing is helpful to reduce issues, however it is not a silver bullet. Contracts which have been tested over a longer time period are less likely to contain exploits. However, decentralized trading carries risks, and recovery is never guaranteed.
Almost $1 Million Of ETH Compromised Following Two Attacks On DeFi Protocol bZx (Jun 21)
Post-Mortem (Jun 21)
Yields of 25% to 42% Lure Lenders Back to DeFi Platform bZx - CoinDesk (Jun 21)
DeFi Insurance Firm Nexus Mutual Makes Its First Payout Following bZx Attacks - CoinDesk (Jun 21)
Chainlink's Sergey Nazarov on What DeFi Can Learn From Early Exchange Hacks (Jun 21)
CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 20)
SlowMist Hacked - SlowMist Zone (May 18)
Millions Lost: The Top 19 DeFi Cryptocurrency Hacks of 2020 | Crypto Briefing (May 22)
List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community (Jun 23)
bZx Hack Full Disclosure (With Detailed Profit Analysis) | by PeckShield | Medium (Jun 23)
Bzx Hack Full Disclosure With Detailed Profit Analysis (Jun 26)
PeckShield Inc. - bZx Hack Analysis Exposes Challenging DeFi-Inherent Composable Liquidity Risks (Jun 26)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Jun 26)
Bzx Flash Loan Event (Jun 26)
Crypto Margin Trading with Fulcrum | bZx (Jun 26)
audits/bzx-audit.pdf at master · mattdf/audits · GitHub (Jun 26)
Introducing Fulcrum Tokenized Margin Made Dead Simple (Jun 26)
Fulcrum Trade - bZx Decentralized Lending & Margin Trading (Jun 26)
What is bZx? A 3-minute guide to the defi trading platform - Decrypt (Jun 26)
Comprehensive List of DeFi Hacks & Exploits - CryptoSec (Jan 8)
No Title (Jan 9)
