Flash attacks on decentralized finance (DeFi) platforms will be the new normal, according to Haseeb Qureshi, managing partner at Dragonfly Capital, a cryptocurrency venture fund. In the wake of consecutive attacks on Ethereum-based DeFi platform bZx, industry insiders are rethinking how the decentralized finance movement, which allows users to engage in tokenized margin trading and lending, will wrestle with bad actors who are able to exploit holes in the system.
Qureshi is anticipating an influx of attacks.
“We saw the first glimpses of this in the recent bZx hacks, and I suspect that’s only the tip of the spear.”
BZx got hit back to back, with the first attack stealing roughly $350,000 in Ethereum (ETH) from the startup’s lending platform Fulcrum.
The first attack, launched on February 14th, involved a sequence of maneuvers that netted a profit of 1,193 ETH, currently worth $275,344:
- A flash loan from dYdX for 10,000 ETH was opened.
- 5,500 ETH was sent to Compound to collateralize a loan of 112 wBTC.
- 1,300 ETH was sent to the Fulcrum pToken sETHBTC5x, opening a 5x short position against the ETHBTC ratio.
- 5,637 ETH was borrowed and swapped to 51 wBTC through Kyber’s Uniswap reserve, causing large slippage.
- The attacker swapped the 112 wBTC borrowed from Compound to 6,871 ETH on Uniswap, resulting in a profit.
- The flash loan of 10,000 ETH from dYdX was paid back from the proceeds.
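The slippage in the fourth step is what a price-deviation guard on the lending side is meant to catch. The Python sketch below is an added example, not code from the article, bZx, Kyber or Uniswap: it checks the article's swap figures against a reference price and then runs the same guard on a constant-product pool. The pool reserves, the 0.30% fee, the 300 bps limit and all function names are assumptions made for illustration.

```python
"""Price-deviation guard for an AMM-routed swap (added example, constructed values)."""

FEE_BPS = 30             # assumed pool fee of 0.30%
MAX_DEVIATION_BPS = 300  # assumed policy limit, not a value from any protocol

def amm_out(reserve_in, reserve_out, amount_in, fee_bps=FEE_BPS):
    """Output of a constant-product (x*y=k) pool for amount_in, after the fee."""
    net_in = amount_in * (10_000 - fee_bps) / 10_000
    return reserve_out * net_in / (reserve_in + net_in)

def deviation_bps(exec_price, ref_price):
    """Distance of exec_price from ref_price, in basis points of ref_price."""
    return abs(exec_price - ref_price) / ref_price * 10_000

def guarded_swap(eth_in, wbtc_out, ref_price, max_bps=MAX_DEVIATION_BPS):
    """Return (allowed, deviation_bps) for a swap paying eth_in for wbtc_out."""
    dev = deviation_bps(eth_in / wbtc_out, ref_price)
    return dev <= max_bps, dev

# Figures taken from the article's step list.
ARTICLE_ETH_IN, ARTICLE_WBTC_OUT = 5637, 51       # swap via Kyber's Uniswap reserve
ARTICLE_WBTC_SOLD, ARTICLE_ETH_BACK = 112, 6871   # later sale on Uniswap

def article_check():
    """Run the guard on the article's large swap.

    Assumption: the article quotes no independent market price, so the rate of
    the other swap it lists stands in for a reference feed.
    """
    ref = ARTICLE_ETH_BACK / ARTICLE_WBTC_SOLD
    return guarded_swap(ARTICLE_ETH_IN, ARTICLE_WBTC_OUT, ref)

def pool_demo(eth_in, reserve_eth=4000.0, reserve_wbtc=100.0):
    """Constructed pool; its pre-trade spot price stands in for an independent reference."""
    out = amm_out(reserve_eth, reserve_wbtc, eth_in)
    return guarded_swap(eth_in, out, reserve_eth / reserve_wbtc)

if __name__ == "__main__":
    print("article swap:", article_check())
    print("small trade :", pool_demo(10))
    print("large trade :", pool_demo(5637))
```

Against these inputs the guard passes the 10 ETH trade and rejects both the article's swap and the 5,637 ETH trade on the constructed pool.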
A larger copycat attack occurred days later, wiping out 2,388 ETH worth $559,000. Writing in bZx’s Telegram channel, co-founder Kyle Kistner characterized it as an “oracle manipulation attack.”