The event sparked criticism in Ethereum circles and among other cryptocurrency projects. The majority believed that it was not an attack, because everything happened within the rules of the platform.

In one of the most talked-about events of recent times within the ecosystem of cryptocurrencies and blockchains, the decentralized finance (DeFi) platform bZx, which runs on the Ethereum blockchain, lost close to USD 1,000,000. In total, it suffered two attacks in a span of just 4 days. The losses amount to more than 3,500 ethers (ETH).

Although this happened as a result of intentional acts, evidently planned by a user, the community has turned to criticizing the fact that this type of attack is possible, more than the attack itself. In particular, the general view is that, beyond the intent of the attacker, everything was done within the rules laid down by the various platforms on which the attacker operated.

But before going into the discussion, let us briefly review what happened. On February 14, a user requested an instant or flash loan through the DeFi platform dYdX for a total of 10,000 ETH. With more than half of these funds, the user took out a loan of 112 wBTC with ETH collateral through Compound. Afterwards, the user opened a position of about 1,300 ETH on Fulcrum, to then convert over 5,600 ETH into wBTC through Uniswap.

According to the bZx report, that last movement generated a significant increase in the value of wBTC. The attacker took advantage of that increase by exchanging the 112 wBTC obtained from Compound for more than 6,870 ETH, for a total profit of 1,193 ETH (about $300,000) after repaying the respective loans.

The second attack, although it was not executed in exactly the same way, relied on a quite similar mechanism and left the attacker a favorable balance equivalent to about $640,000 in ethers.
A hack or a bug in the system?
Among the most repeated positions is the view that the attacker merely used a mechanism that had a flaw, manipulating its operation without stepping outside its own rules. Some have even started to joke about the opportunity to carry out sophisticated thefts like this one by taking advantage of the systems of DeFi platforms.

The developer Santiago Palladino, part of the OpenZeppelin team, explained in a thread posted on Twitter why what happened not only did not break the mechanism of the instant loans that bZx offers, but that this product serves precisely that type of operation. In fact, he sums up the possibility of receiving loans without collateral as an opportunity never seen before. “For the first time, you do not need money to earn more money,” explains Palladino. In short, this type of loan allows users to perform financial operations such as arbitrage without an initial investment.

In his view, this created for any interested person “a lot of opportunities that were previously reserved for the large owners of capital”. Well, not exactly for anyone, because the person must know what they are doing to be able to repay the flash loan while taking some kind of profit from the operation. But if they do, through instant loans “now anyone can become a whale, break the network and collect, in a single transaction,” adds the Ethereum tools developer.

For his part, Alex Svanevik, founder of The Data Science DAO, assessed that the risk does not exist only in bZx, but is a general problem of DeFi platforms. This is especially so given the possibility that a single address accumulates up to half the liquidity of one of these platforms.

Indeed, the lack of liquidity that allows a user to manipulate prices is one of the most commented-on circumstances of this case. In particular, critics question a platform using a single reference to determine the price of an asset, as happened with bZx.

The developer Julien Bouteloup, of the firm Stake Capital, went a little further, asserting that what happened could not be considered an attack, especially after he himself had warned “repeatedly” that the funds on the platform were not safe. However, “bZx said that it was not true”, Bouteloup wrote on his Twitter account.

Bouteloup accompanied his message with a screenshot of his warning. In the same screenshot you can see the reaction of Tom Bean, founder and CEO of bZx and Fulcrum (the platform that lost the aforementioned funds), rejecting the argument.
I wouldn’t call it an attack since I’ve repeatedly told them that funds were not SAFE but bZx said it was not true. $645k is not lost, it’s a bounty. https://t.co/W5vL71a2tv pic.twitter.com/7sHNoi9mBT — Julien Bouteloup | Paris (@bneiluj) February 19, 2020
Following the incident, the same developer shared a tweet from the Uniswap platform, which serves as an oracle for the price of the tokens, acknowledging the possibility of movements such as those that occurred in recent days. That message dates back to February 2019; that is to say, some of the parties involved had possibly known of the vulnerability of the system for at least a year.
https://t.co/48SMPwQ335 — Julien Bouteloup | Paris (@bneiluj) February 19, 2020
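The single-price-reference problem described above, as an added example that is not part of the original article or of any platform's code: a constant-product pool's spot price is read before and after one large swap, and a deviation check against other sources rejects the distorted price. The pool reserves, the 0.3% fee, the reference prices and the 5% tolerance are constructed assumptions; only the 5,600 ETH swap size comes from the article.

```python
from statistics import median

FEE = 0.003  # assumed 0.3% swap fee of a constant-product pool


class Pool:
    """Constant-product (x * y = k) pool holding ETH and wBTC."""

    def __init__(self, eth, wbtc):
        self.eth, self.wbtc = float(eth), float(wbtc)

    def spot(self):
        """Spot price in ETH per wBTC, read straight from the reserves."""
        return self.eth / self.wbtc

    def swap_eth_for_wbtc(self, eth_in):
        """Sell ETH into the pool; returns the wBTC paid out."""
        eth_eff = eth_in * (1 - FEE)
        wbtc_out = self.wbtc * eth_eff / (self.eth + eth_eff)
        self.eth += eth_in
        self.wbtc -= wbtc_out
        return wbtc_out


def safe_price(pool_spot, references, max_deviation=0.05):
    """Accept the pool price only if it is close to the median of other sources."""
    mid = median(references)
    deviation = abs(pool_spot - mid) / mid
    if deviation > max_deviation:
        raise ValueError(f"pool price is {deviation:.0%} away from reference")
    return pool_spot


def demo():
    pool = Pool(eth=2_800, wbtc=77)   # constructed reserves for a thin pool
    references = [36.2, 36.5]         # constructed prices from two other venues
    before = pool.spot()
    pool.swap_eth_for_wbtc(5_600)     # swap size taken from the article
    after = pool.spot()
    try:
        safe_price(after, references)
        rejected = False
    except ValueError:
        rejected = True
    return before, after, rejected


if __name__ == "__main__":
    before, after, rejected = demo()
    print(f"spot before: {before:.1f} ETH/wBTC, after: {after:.1f}, rejected: {rejected}")
```

A platform that values collateral from the pool's spot price alone would accept the post-swap figure; the check only helps if the reference sources are independent of the pool being traded against.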
Other reactions in the cryptocurrency ecosystem
In addition to Ethereum circles and developers linked to the project, what happened with bZx drew criticism from other projects that operate within the cryptocurrency ecosystem.

Charlie Lee, founder of Litecoin, used his Twitter account to blame the very concept of DeFi for what happened. In his comment, Lee says that this type of platform is “a theater of decentralization” because, in reality, such platforms must resort to centralization to stop a protocol that was exposed or breached. In fact, bZx put the system “on pause” after each attack while it carried out the relevant investigations.

In this way, “no one can undo a hack, or the exploitation of a vulnerability unless you add more centralization,” he said, referring to the halting of the protocol by the bZx platform. “How is this better than what we already have?”, he finally wondered.
This is why I don’t believe in DeFi. It’s the worst of both worlds. Most DeFi can be shut down by a centralized party, so it’s just decentralization theatre. And yet no one can undo a hack or exploit unless we add more centralization. So how is this better than what we have now? https://t.co/F1HMSeqb6q — Charlie Lee (LTC⚡) (@SatoshiLite) February 16, 2020
Another of those who spoke on the subject was Udi Wertheimer, a developer known for being quite critical of the Ethereum project. Among his remarks, he said he did not understand how those who have funds on DeFi platforms have not withdrawn them yet.

For his part, Jameson Lopp said that he was not sure that it is possible to reduce the risk of DeFi. This, especially, considering that “the complexities and the attack surface for this system are on the rise”.