The theft happened in the same way. A clever set of instructions—all executed in one big transaction—enabled the trader to leverage current weaknesses in the DeFi ecosystem for their own gain. By using several decentralized financial tools, and a small dose of price manipulation, they were able to take home a lot of Ethereum.
Though the trader’s identity remains unknown, the modus operandi was the same as the last hack, suggesting the same person.
The main focus was on bZx, which maintains the Fulcrum protocol. In the company’s Telegram chat, bZx’s co-founder, Kyle Kistner, confirmed the second attack, writing that it appears to be “an oracle manipulation attack.” An admin in the channel claimed that user funds are safe.
We have hit the pause button on the protocol again in light of suspicious transactions using flash loans and trading on Synthetix.
On Twitter, the company said that it has paused the “decentralized” protocol again. The DeFi community were quick to point out this means that bZx still has ultimate control over the protocol, meaning it’s still a centralized system.
Eric Wall, CIO at Arcane Assets, defended the DeFi ecosystem, arguing that some protocols are more decentralized than others. He argued that there are several types of admin keys: those that can control funds—such as the ones bZx has—and those that can’t.
“A DeFi admin key can allow you to pause/freeze a contract. This is very bad! Oh no! But it's not identical to a centralized exchange unless that admin key allows you to confiscate individual user balances,” he tweeted.
Tweets like "DeFi apps are no different than centralized exchanges because all the contracts have admin keys" is the cheap, boring fast-track to "CT wokeness" these days, forcing me to take the devil's advocate and point out why that's sometimes wrong. Warranted retort:
So, it’s good that at least some DeFi protocols don’t have such admin keys—because otherwise Ethereum co-founder Vitalik Buterin would probably want them to “burn in hell.”