The developers of the decentralized lending protocol bZx have identified a sudden drop in asset volume. Three hours after starting the investigations, they confirmed a "duplication incident" that affected several iTokens.
As a result, the ability to deposit and withdraw assets from the platform was suspended.
1inch.exchange co-founder Anton Bukov identified nine transactions made with the iETH token that resulted in a duplication of 101,778 iETHs valued at approximately 4,700 ethereums or $1.7M. In addition, according to The Block, the attacker has stolen 219,200 LINKs ($2.6M), 1,756,351 USDTs, 1,412,048 USDCs and 667,989 DAIs exploiting the bug. The total value of the stolen assets amounts to $8M.
bZx has reported the users' assets are safe, so they do not need to withdraw their funds from the platform. The losses have been covered with the protocol's own funds. As a result of the attack, the volume of assets in the bZx pools has plunged by 70% to $6.3M.
This is the third attack on bZx since the beginning of the year. The combined losses of the previous two amounted to around $1M.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.