Fool Me Once... Now a 2nd Flash Loan Is Used to Exploit DeFi Platform Weaknesses


There is an old proverb that bears repeating now that, for the second time in as many days of operation, a savvy smart contract user has used the bZx platform to get unsecured "flash loans" that have then gone on to be used to exploit weaknesses in the smart contracts of other DeFi platforms. Here's the 2nd exploit transaction in all its glory on Etherscan. A mere 0.41988685 ETH was spent to make over $650,000. 😱

Fool me once, shame on you; fool me twice, shame on me.

I'm sorry, but I'm not gonna blame the people using these exploits to get insta-rich. Why? Because getting a $2.7 million loan instantly and without KYC is exactly the kind of thing we don't need in DeFi.

Are all these coders so young that they didn't go through the 2007-09 Financial Crisis? Because as far as I remember, giving money to people without documentation and without background checks was EXACTLY how we ended up with all that pain in the first place.

The whole reason why blockchain is even a thing is because Satoshi Nakamoto wanted to provide the means for us to create an alternative financial system where actions like giving gobs of money to people who didn't deserve it and/or were not going to use it in a positive way (i.e. "bad economic actors") could not affect the outcomes of those who participated in the financial system in good faith.

Or do we just want to ignore what Satoshi put in the Bitcoin genesis block?

The picture below details the first "hack" that was used to remove around $350k worth of ETH from bZx, a DeFi platform on Ethereum that had recently begun to issue unsecured "flash loans" to anyone with an ETH address. That's right - free money to anyone as long as they knew how to use MetaMask and MyEtherWallet. That's just not right.

IMG_9555.JPG

While this kind of innovation in undercollateralized loans may become a fixture in the cryptocurrency universe in the future, it is clear that we are at a highly experimental stage in the development of these protocols. Thus, it is not proper to call this transaction a "hack." It's just an "exploit" of an existing, fragile ecosystem that is still very much under development. The bZx platform itself probably even views these transactions as simply a couple of expensive bug bounties. Hopefully, they'll take the time to fix these exploits, if they even can. If they cannot, they need to remove the "flash loan" option altogether.

As long as there are increasing amounts of capital deployed on DeFi platforms, the future will inevitably see more exploits like this, each one more remunerative than the last. But each one makes the entire ecosystem more antifragile. In the long run, they'll be good for the adoption of blockchain technology to govern our financial lives.

Now I say that in a "Let's get all of this out of our system before there's big money on the line" kind of way. Not in a "Let's try all the bad finance ideas from the past and put a blockchain layer on top and see if it somehow works better" kind of way.

Here's hoping the next time I hear about some costly exploit of the DeFi ecosystem, the first step in the process isn't such an obviously bad idea. Giving millions to someone instantly for free is never a good idea!

As we constantly harp on with my projects Konstellation and FinNexus, the world needs a robust blockchain-based ecosystem for financial services.

Key word: robust.

Onwards and upwards. 🏋🏻‍♂️

Posted via Steemleo




Enjoy a $trendotoken bonus from MAPX!
Please also take a look at @MAPXV and @MAXUV as MAPX tokens are almost sold out.
Thanks for being a member of MAPX.


According to the Bible, Charity Means Love (5 of 5)

(Sorry for sending this comment. We are not looking for our own profit; our intention is to preach the words of God by any means possible.)


Comment what you understand of our YouTube video to receive our full votes. We have 30,000 #SteemPower. It's our little way to thank you, our beloved friend.
Check our Discord Chat
Join our Official Community: https://beta.steemit.com/trending/hive-182074


A member bonus $trendotoken tip and !trendovoter for @shanghaipreneur from MAXUV!
Also consider our MAPR fund and MAPXV vote bonds too.
MAP Steem Fintech: growing your STEEM without SP.
Also, please take a look at our new Nonsense Writing Contest post with MAPR prizes.
