Fool Me Once... Now a 2nd Flash Loan Is Used to Exploit DeFi Platform Weaknesses

in hive-167922 •  3 months ago 

There is an old proverb that bears repeating now that, for the second time in as many days of operation, a savvy smart contract user has used the bZx platform to get unsecured "flash loans" that have then gone on to be used to exploit weaknesses in the smart contracts of other DeFi platforms. Here's the 2nd exploit transaction in all its glory on etherscan. A mere 0.41988685 ETH was spent to make over $650,000. 😱

Fool me once, shame on you; fool me twice, shame on me.

I'm sorry, but I'm not gonna blame the people using these exploits to get insta-rich. Why? Because getting a $2.7 million loan instantly and without KYC is exactly the kind of thing we don't need in DeFi.

Are all these coders so young that they didn't go through the 2007-09 Financial Crisis? Because as far as I remember, giving money to people without documentation and without background checks was EXACTLY how we ended up with all that pain in the first place.

The whole reason why blockchain is even a thing is because Satoshi Nakomoto wanted to provide the means for us to create an alternative financial system where actions like giving gobs of money to people who didn't deserve it and/or were not going to use it in a positive way (i.e. "bad economic actors") could not affect the outcomes of those who participated in the financial system on good faith.

Or do we just want to ignore what Satoshi put in the bitcoin genesis block?

The picture below details the first "hack" that was used to remove around $350k worth of ETH from bZx, a DeFi platform on Ethereum that had recently begun to issue unsecured "flash loans" to anyone with an ETH address. That's right - free money to anyone as long as they knew how to use Metamask and MyEtherWallet. That's just not right.

IMG_9555.JPG

While this kind of innovation in undercollateralized loans may become a fixture in the cryptocurrency universe in the future, it is clear that we are at a highly experimental stage in the development of these protocols. Thus, it is not proper to call this transaction a "hack." It's just an "exploit" of an existing fragile and very much under development ecosystem. The bZx platform itself probably even views these transactions as simply a couple of expensive bug bounties. Hopefully, they'll take the time to fix these exploits, if they even can. If they cannot, they need to remove the "flash loan" option altogether.

As long as there are increasing amounts of capital deployed on DeFi platforms, the future will inevitably see more exploits like this, each one more remunerative than the last. But each one makes the entire ecosystem more antifragile. In the long run, they'll be good for the adoption of blockchain technology to govern our financial lives.

Now I say that in the sense of "Let's get all of this out of our system before there's big money on the line" kind of way. Not in the sense of "Let's try all the bad finance ideas from the past and put a blockchain layer on top and see if it somehow works better" kind of way.

Here's hoping the next time I hear about some costly exploit of the DeFi ecosystem, the first step in the process isn't such an obviously bad idea. Giving millions to someone instantly for free is never a good idea!

As we are constantly harping on this with my projects Konstellation and FinNexus, the world needs a robust blockchain-based ecosystem for financial services.

Key word: robust.

Onwards and upwards. 🏋🏻‍♂️

Posted via Steemleo

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Enjoy a $trendotoken bonus from MAPX!
Please also take a look at @MAPXV and @MAXUV as MAPX tokens are almost sold out.
Thanks for being a member of MAPX.

Congratulations @map10k, you successfuly trended the post shared by @shanghaipreneur!
@shanghaipreneur will receive 4.01247675 TRDO & @map10k will get 2.67498450 TRDO curation in 3 Days from Post Created Date!

"Call TRDO, Your Comment Worth Something!"

To view or trade TRDO go to steem-engine.com
Join TRDO Discord Channel or Join TRDO Web Site

A member bonus $trendotoken tip and !trendovoter for @shanghaipreneur from MAXUV!
Also consider our MAPR fund and MAPXV vote bonds too.
MAP Steem Fintech: growing your STEEM without SP.
Also, please take a look at our new Nonsense Writing Contest post with MAPR prizes.

Congratulations @maxuvv, you successfuly trended the post shared by @shanghaipreneur!
@shanghaipreneur will receive 4.04640563 TRDO & @maxuvv will get 2.69760375 TRDO curation in 3 Days from Post Created Date!

"Call TRDO, Your Comment Worth Something!"

To view or trade TRDO go to steem-engine.com
Join TRDO Discord Channel or Join TRDO Web Site

Enjoy a $trendotoken bonus from MAPX!
Please also take a look at @MAPXV and @MAXUV as MAPX tokens are almost sold out.
Thanks for being a member of MAPX.

Congratulations @shanghaipreneur, your post successfully recieved 8.05888238 TRDO from below listed TRENDO callers:

@map10k earned : 2.6749845 TRDO curation
@maxuvv earned : 2.69760375 TRDO curation


To view or trade TRDO go to steem-engine.com
Join TRDO Discord Channel or Join TRDO Web Site