bZx Will be Absorbing the Losses of the $2.5M Attack
Protocol for tokenized margin trading and lending —bZx has begun to pick up the pieces and get back to work following two consecutive attacks that drained $2.5 million from its funds last month.
According to the company, the attackers took out a loan of 11,500 ETH in two separate attacks. If bZx lets its protocol automatically refinance the loan, it would drastically reduce the platform’s liquidity and cause a disturbance.
To avoid this, the company will manually lower the interest rates in order to delay the realization of the 11,500 ETH loss and maintain liquidity on the platform.
Interestingly enough, the collateral left after the second attack actually increased the company’s ability to service its debts. To maintain liquidity, the platform would require a yearly interest payment of 22.99 ETH. There is currently 6,095 ETH escrowed on the platform that can be used to finance those payments. This means that it will take another 265 years before the loan defaults.
All of the losses from the attacks will be absorbed by the company and the protocol stakeholders, with all of the cashflows of the company being directed to the insurance fund where they will wait until the debt is due.
“Given the current value of the insurance fund and its annualized rate of growth, it should be more than able to cover the loss at the time it needs to be realized in the year 2285 AD,” the company explained.
A heartfelt apology was also given to the traders whose positions remained suspended for days following the attack. While the traders won’t be reimbursed for the losses they suffered last month, the company began creating a new program that would compensate traders for any losses in the future.
However, response plans are also being made that will enable the exchange to continue operating even in such emergencies, which should prevent these kinds of losses from happening.
bZx will also stop relying on a single oracle provider for its prices. The company said that they will introduce a new oracle design that will combine ChainLink, Band Protocol, and Uniswap v2. For now, the bZx loan protocol will rely only on ChainLink, while Band and Uniswap are set to be integrated in phases 2 and 3 of the new oracle solution.
When it comes to the controversy surrounding bZx’s refusal to pay out the bug bounty to whitehat hackers that discovered its vulnerabilities, the company admitted wrongdoing. They took responsibility for negotiating the reward instead of immediately paying it out, saying that they will increase their bug bounty rewards and work on making them more visible to the community.
The judgment of all reported bugs will be delegated to an independent panel in order to remove any conflict of interest and avoid last month’s scenario to repeat itself.
While the company claims the confidence from its community remains relatively unchanged following the attacks, as trading volume and locked value hit an all-time-high immediately after the relaunch of the platform, we are yet to see whether this affects the company in the long term.