DeFi platform Bzx recovered $8.1 million from hackers
Decentralized finance (DeFi) protocol Bzx has reclaimed the $8.1 million it lost to a hacker a few days ago. The company claims it can track down the cyber thieves, whom it declined to name for legal reasons, through their on-chain activity. Cornered, the attacker returned the spoils.
“All money has been withdrawn from the attacker. We are restoring the system,” said Kyle Kistner, co-founder of Bzx, in a statement released Sept. 15. “The funds are now in the team's wallet and used to reinstate groups for borrowing.”
On September 13, a faulty code snippet in the Bzx smart contract allowed hackers to take 219,200 LINK tokens (worth $2.6 million); 4,503 ETH ($1.65 million); 1,756,351 USDT (1.76 million USD); 1,412,048 USDC (1.4 million USD) and 667,989 DAI (worth 681,000 USD), together worth 8.1 million USD.
Marc Thalen, the lead engineer at Bitcoin.com, who discovered the bug, was eventually paid a bounty of $45,000. Initially, Bzx did not want to pay Thalen that much and offered him only $12,500, because "Marc only reported the problem when the attack was almost over."
In a thread on Twitter, Thalen complained: “Bzx just mentioned in a call that it doesn't feel worth more than 12.5 thousand as their 'independent' executives decide and they feel they want to stick with it. They are not willing to reveal the panel's [identity]. [I am] really disappointed about Bzx.”
That figure, however, severely undercuts the protocol's own bug bounty policy for high-level discoveries, which can pay out as much as $350,000. Bzx then reconsidered its position following a backlash on social media and paid Thalen a "reasonable" $45,000.
Peckshield, one of two auditing firms that failed to identify the faulty code that led to the $8.1 million cryptocurrency theft, said in a letter to the Bzx community that its initial audit identified 16 security problems, but that this was not enough.
“Bzx and Peckshield are developing a plan to re-test the protocol and establish real-time monitoring on key blockchain data metrics,” it wrote. This measure is expected to increase security on the platform.