So called decentralized finance (defi) lending platform Bzx on Sunday lost $8.1 million in a new hacking attack, the third this year, caused by a flawed code in its smart contracts.
The bug allowed the hacker to mint 219,200 LINK tokens (valued at $2.6 million); 4,503 ETH ($1.65 million); 1,756,351 USDT ($1.76 million); 1,412,048 USDC ($1.4 million) and 667,989 DAI (worth $681,000).
Marc Thalen, lead engineer at Bitcoin.com, first discovered the vulnerability in the smart contracts and reported it to Bzx, warning $20 million was at risk.
In a statement, Bzx co-founder Kyle Kistner said that the defective code permitted an attacker to duplicate assets or even increase the balance of the protocol’s interest-bearing token called iTokens.
Bzx noticed the security breach some hours later and immediately halted minting and burning of iTokens. Trading resumed after a fix that corrected the balances and duplications.
Kistner detailed that investor funds faced no risk