In brief

  • The bZx hack has resulted in over $8 million worth of losses.
  • The hack is the third of this year suffered by the decentralized finance protocol.
  • DeFi innovations continue to grow, but repeated hacks underline how much the DeFi space is still largely experimental.

bZx, a decentralized finance lending protocol, has been hacked for the third time this year, resulting in the loss of over $8 million in user deposits. This reportedly represents 30% of the total value locked in the bZx protocol.

Decentralized finance, or DeFi, continues to grow apace in the crypto industry. The attempt to create decentralized financial instruments separate from traditional centralized institutions has been surging in the crypto industry—but DeFi is not without its problems. This most recent bZx hack is the latest in a line of growing pains for the DeFi space. 

“There is a lot of phenomenal innovation within DeFi, however, there are also a lot of risky untested products. Users and investors must be careful before committing funds,” Charles Storry, co-founder of PhutureDAO, told Decrypt.  


As news of the hack broke, the bZx team advised clients on Twitter that funds were not at risk and that there was no need to close loans. 

However, an engineer allegedly discovered bZx’s vulnerability hours before the damage was done. 

Marc Thalen, lead engineer at, claimed to have notified the bZx team about the fact users were able to duplicate “i tokens” on the protocol, putting nearly $20 million at risk. “At this point none of the founders were up,” Thalen said in a tweet. 

Decrypt has reached out to the bZx team, and we will update if we hear anything back. 

What does this mean for DeFi? 

DeFi remains a largely experimental innovation within crypto. That fact alone may make future investors patient as the space continues to develop, but repeated hacks may turn the crypto community away. 


Storry added that bZx “have ultimately failed many times to secure users’ funds. How many chances will the community and investors give the bZx team?” 

In contrast, Aave founder Stani Kulechov took to Twitter to provide support for the bZx team. The “bZx incident recently showed that it’s easier forked than done. They had multiple audits, formal verification and took substantial time before coming back to main-net and yet all the diligence does not guarantee safety,” Kulechov said.

As with every crypto innovation, there will be growing pains. But $10 million is hard to stomach.

Stay on top of crypto news, get daily updates in your inbox.