Stack of dollar bills

DeFi platform bZx exploited for $8.1 million

Getting your Trinity Audio player ready...

The DeFi platform bZx was exploited for $8.1 million on September 13th, marking the third time in 2020 that bZx has been exploited. 

How the bZx exploit happened

The bZx team noticed that there had been an exploit when a single withdrawal resulted in a significant drop in their Total Value Locked. Afterward, they discovered that there was a bug in their protocol that tricked the platform into minting unbacked iTokens, which are bZx’s interest accumulating tokens. The bug allowed the attacker to duplicate their tokens by minting unbacked iTokens into their account and then withdrawing them, which led to a 219,199.66 LINK, 4,502.70 ETH, 1,756,351.27 USDT, 1,412,048.48 USDC, and 667,988.62 DAI loss for bZx.

Upon noticing the exploit, the bZx team paused minting and burning of iTokens but later resumed those operations once the bug had been patched. The team also debited the loss from the protocol’s insurance fund.

How did the bug go unnoticed?

Hours before the exploit took place, Marc Thalen, lead engineer at, warned the bZx team of the attack vector.

At the time, all members of the bZx team were asleep, and by the time they woke up, the bug that Thalen warned about had been exploited by the attacker.

This is the third time this year that bZx has been exploited. In February,bZx was exploited twice, for $350,000 and $650,000 (both in ETH), respectively.

In every attack, bZx was neither hacked nor breached, instead, an individual with a strong understanding of howthe bZx protocol worked was able to take advantage of its inner workings to generate hundreds of thousands, and now millions of dollars for themseves.

Which makes it a good time for us to remind you that the entire DeFi ecosystem is built on shaky ground. bZx had an insurance fund and was able to replenish their losses; however, not every DeFi platform has an insurance fund.Several DeFi exploits have taken place in 2020 and we are beginning to seeDeFi token projects exit scamand pull the rug on their ecosystem. When it comes to DeFi, it is best to proceed with caution, and if you don’t understand how an investment works, then it is better not to invest at all.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.