There is an old proverb that bears repeating now that, for the second time in as many days of operation, a savvy smart contract user has used the bZx platform to get unsecured "flash loans" that have then gone on to be used to exploit weaknesses in the smart contracts of other DeFi platforms. Here's the 2nd exploit transaction in all its glory on Etherscan. A mere 0.41988685 ETH was spent to make over $650,000. 😱
Fool me once, shame on you; fool me twice, shame on me.
I'm sorry, but I'm not gonna blame the people using these exploits to get insta-rich. Why? Because getting a $2.7 million loan instantly and without KYC is exactly the kind of thing we don't need in DeFi.
Are all these coders so young that they didn't go through the 2007-09 Financial Crisis? Because as far as I remember, giving money to people without documentation and without background checks was EXACTLY how we ended up with all that pain in the first place.
The whole reason why blockchain is even a thing is because Satoshi Nakamoto wanted to provide the means for us to create an alternative financial system where actions like giving gobs of money to people who didn't deserve it and/or were not going to use it in a positive way (i.e. "bad economic actors") could not affect the outcomes of those who participated in the financial system in good faith.
Or do we just want to ignore what Satoshi put in the Bitcoin genesis block?
The picture below details the first "hack" that was used to remove around $350k worth of ETH from bZx, a DeFi platform on Ethereum that had recently begun to issue unsecured "flash loans" to anyone with an ETH address. That's right - free money to anyone as long as they knew how to use MetaMask and MyEtherWallet. That's just not right.
While this kind of innovation in undercollateralized loans may become a fixture in the cryptocurrency universe in the future, it is clear that we are at a highly experimental stage in the development of these protocols. Thus, it is not proper to call this transaction a "hack." It's just an "exploit" of an existing ecosystem that is fragile and still very much under development. The bZx platform itself probably even views these transactions as simply a couple of expensive bug bounties. Hopefully, they'll take the time to fix these exploits, if they even can. If they cannot, they need to remove the "flash loan" option altogether.
As long as there are increasing amounts of capital deployed on DeFi platforms, the future will inevitably see more exploits like this, each one more remunerative than the last. But each one makes the entire ecosystem more antifragile. In the long run, they'll be good for the adoption of blockchain technology to govern our financial lives.
Now, I say that in a "Let's get all of this out of our system before there's big money on the line" kind of way, not in a "Let's try all the bad finance ideas from the past and put a blockchain layer on top and see if it somehow works better" kind of way.
Here's hoping the next time I hear about some costly exploit of the DeFi ecosystem, the first step in the process isn't such an obviously bad idea. Giving millions to someone instantly for free is never a good idea!
Key word: robust.
Onwards and upwards. 🏋🏻‍♂️
Posted via Steemleo