Komal Joshi · Oct 29, 2020 . 5min read
bZx recovers stolen funds from last hack incident
Paris Fortis, a spokesperson for bZx said the lending protocol tracked the hacker with the on-chain trail he or she left behind and bZx tweeted to confirm that it has indeed recovered the funds.
By Victor Ugochukwu · Sep 15, 2020 . 6min read
DeFi lending protocol bZx recovers the $8 million stolen funds from the hacker in the last security breach incident just a day after it announced the hack.
On Sunday that the news came in that bZx has been hacked again for the third all within nine months. In this latest hack incident, the hacker exploited a bug in the code to duplicate iToken contract code siphoning $8 million.
According to a post by Coindesk report, Paris Fortis, a spokesperson for bZx, said the lending protocol tracked the hacker with the on-chain trail he or she left behind. bZx tweeted to confirm that it has indeed recovered the funds.
We are relieved to announce that the missing funds are now restored. More information will follow.
Consequently, Fortis rejected attempts to extract information of the hacker by the citing security reasons. However independent assessments on the situation from a Twitter user by the handle @ChainLinkGod shows the hacker may have doxxed him/herself by withdrawing ETH from Binance before transferring same into the bZx protocol instead of Tornado Cash
For anyone using any of the regular exchange like Binance, Coinbase, OKEx, Huobi, etc., these exchanges record IPs as well as collect and store users KYC details against crime and money laundering tendencies like in this case. However, DEX like Uniswap is the exact opposite as it requires absolutely no KYC/AML requirements from its users. Many especially on the angle of regulations, express their concerns against the rise of DEXs.
bZx may have recovered stolen funds, but there are still controversies
The news of bZx recovering stolen funds is a welcome development; however, there are controversies on the issue. The first stems from rumours that bZx has not compensated the person who was able to track the hacker. Some Twitter users say aggrieved party who unearthed the fact that ETH used by the hacker was withdrawn from Binance should be compensated. Secondly, the other controversy bothers around the stolen funds. Some think this is no different from bug rebase issues. In this, an actor without malicious intent gets their funds multiplied due to error codes. Since we cannot classify bug rebase as crimes, why then should this be a crime for the said “attacker”? This is a sentiment for some within the DeFi space.
But clearly, some don’t see it that way. Because one has access to a company’s safe doesn’t mean he/she should take away the items in it. But then again, are DeFi protocols, most of which are permissionless “companies” in the literal sense of it?
Follow Cryptodose for daily updates.