bZx Changes Its Dev Framework After Hack; Integrates Chainlink Decentralized Oracles

bZx Changes Its Dev Framework After Hack; Integrates Chainlink Decentralized Oracles


bZx exchange releases changes to its platform in light of the recent double attacks on Valentine’s Day. In an announcement released on Tuesday, the co-founder and CEO of the exchange, Kyle Kistner, further apologized for the $2.5 million hack on 1inch.exchange caused by a bug on its Fulcrum platform.

In a bid to prevent future troubles on the platform, the bZx dev team is reworking its oracle design, development framework, and review processes for new code.

bZx exchange loses over $2.5 million in hacks

In a widely covered bZx exchange double hack on Feb. 14, a user exploited a bug on the system and made away with $365,000 USD in ETH leading to widespread panic. Less than 72 hours later the platform experienced yet another exploitation of over $645,000 USD in ETH too.

While the first hack was an exploitation of the smart contract code, the second hack originated from a bug in the oracle system. In order to prevent this in the future, the exchange is adopting new oracle designs by integrating decentralized oracle, Chainlink to its system. [Not the first time bZx has partnered with Chainlink]

The company is currently planning on integrating Band and Uniswap v2.0 oracles to its platform in the future.

“Chainlink’s Price Reference Data Contracts are decentralized oracle networks made up of multiple independent, security reviewed, and Sybil resistant node operators.”

Furthermore, the exchange released a newly refactored code that will be implemented once economically audited to prevent such cases of exploitation.

“We will transition to an EIP-like system for cataloging new features and improvements to the protocol. This will make the process of how new code gets added completely visible to the public. Features should not be added as a surprise or at the last moment.”

He further added,

“We will never again publish unaudited code, no matter how few lines or trivial.”

bZx to pay for the losses

All the losses during the hack will be absorbed by the bZx exchange and protocol stakeholders. Currently, the company is working towards directing the profits towards the insurance fund to be able to repay the debt owed on the platform. The post reads,

“Given the current value of the insurance fund and its annualized rate of growth, it should be more than able to cover the loss at the time it needs to be realized in the year 2285 AD.”

Kristner apologizes for 1inch.exchange bounty reward

About three weeks before the two successive exploitations, 1inch.exchange came forward complaining that they found over $2.5 million from a vulnerability on the Fulcrum exchange. However, bZx never paid the devs their bounty fee or communicated the issue to the users.

Kristner came forward on his blog post to apologize for the time wasted in paying the bounty. He remarked,

“Rather than simply pay the full bug bounty immediately, with extreme gratitude for finding such a serious exploit, we tried negotiating. This was a serious mistake that we need to take responsibility for. Under no circumstances should this have happened, and we sincerely apologize.”

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.