Decentralized finance (DeFi) lending protocol bZx has revealed it managed to recover the more than $8 million worth of cryptocurrency that an attacker stole from it earlier this week.
On Twitter, the protocol’s official account announced it had recovered the funds, without giving the community many details. According to CoinDesk, a spokesperson for the project said bZx managed to track down the attacker who exploited its protocol using on-chain activity.
After being exposed, the attacker reportedly agreed to return the funds. As CryptoGlobe reported, the attacker exploited the bZx protocol using flawed code to duplicate assets or increase their balance of interest-bearing tokens on bZx, dubbed iTokens. After noticing the exploit, bZx halted minting and burning of the tokens, and resumed it after a fix corrected the balances.
The bug saw the attacker mint 2139,199.66 LINK, 4,500.7 ETH, 1.75 million USDT, 1.41 million USDC, and 667,988.8 DAI. In total, the attacker managed to get over $8 million with the attack. The attack occurred even though bZx was “heavily audited” by top security firms Peckshield and Certik.
Reacting to the incident, Certik revealed that during the audits “several issues were identified and remediated,” and added the vulnerability was the result of a “gas optimization being applied on the common ERC balance transfer code whereby data was copied to memory and subsequently reused while having been altered in storage.” To the firm, “security is a journey” and its team is committed to collaborating with bZx further.
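The stale-read pattern Certik describes can be modelled in a few lines. The following is an added example, not bZx's contract code: a Python dict stands in for contract storage, local variables stand in for values copied to memory, and the trigger used here (sender and recipient being the same account) is an assumption of the model that the page does not state. It also shows the supply-conservation check that flags the flawed variant.

```python
# Simplified model with constructed data: a dict plays the role of contract
# storage, local variables play the role of values copied to memory.

class Ledger:
    def __init__(self, balances):
        self.storage = dict(balances)

    def total_supply(self):
        return sum(self.storage.values())

    def transfer_cached(self, sender, recipient, amount):
        """Flawed: both balances are read once, then reused after a write."""
        sender_bal = self.storage.get(sender, 0)        # copied to memory
        recipient_bal = self.storage.get(recipient, 0)  # copied to memory
        if amount > sender_bal:
            raise ValueError("insufficient balance")
        self.storage[sender] = sender_bal - amount      # storage is altered here
        # recipient_bal is now stale if recipient refers to the same slot
        self.storage[recipient] = recipient_bal + amount

    def transfer_fresh(self, sender, recipient, amount):
        """Hardened: every value is re-read from storage after each write."""
        if amount > self.storage.get(sender, 0):
            raise ValueError("insufficient balance")
        self.storage[sender] = self.storage.get(sender, 0) - amount
        self.storage[recipient] = self.storage.get(recipient, 0) + amount


def supply_invariant_holds(transfer_name, sender, recipient, amount):
    """Run one transfer on a fresh ledger; report whether supply was conserved."""
    ledger = Ledger({"alice": 100, "bob": 50})  # constructed sample balances
    before = ledger.total_supply()
    getattr(ledger, transfer_name)(sender, recipient, amount)
    return ledger.total_supply() == before, ledger.storage


if __name__ == "__main__":
    for name in ("transfer_cached", "transfer_fresh"):
        for pair in (("alice", "bob"), ("alice", "alice")):
            ok, state = supply_invariant_holds(name, pair[0], pair[1], 40)
            print(f"{name:16} {pair[0]}->{pair[1]}: conserved={ok} {state}")
```

A transfer between two distinct accounts behaves identically in both variants, which is why a test suite without the aliasing case does not catch the flaw; the conservation check is the kind of invariant that audits and on-chain monitoring can assert.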
Peckshield revealed that its audit of the protocol uncovered 16 security issues that were fixed. After the funds were recovered, it revealed it was working with bZx to develop a plan to “re-examine the protocol and set up real-time monitoring on key blockchain data indicators.”