DeFi lending protocol bZx (BZRX) confirmed that “due to a token duplication incident” its insurance fund “has transiently” accrued debt of around USD 8m. (Updated on September 15: updates in bold.)
At pixel time (08:05 UTC), BZRX, ranked 138th by market capitalization, trades at USD 0.439 and is down by 32% in a day and 15% in a week.
Kyle J Kistner, Chief Visionary Officer (CVO) at bZx, said that due to a bug in their code “the user was effectively able to increase his balance artificially.” According to him, borrowing and trading were not impacted, while the fix was identified and a new version of the affected iToken contracts was deployed with the balances corrected for duplications.
The CVO said that the protocol “was heavily audited by top security firms Peckshield and Certik.”
“Unfortunately, audits are not silver bullets. Our protocol is the most powerful, fully functioned lending protocol in the space, and this means that there is a lot of code to cover”, he said.
According to Kistner, their system is capable of absorbing “black swan events that would otherwise negatively impact lender assets.”
“Thanks to a protocol design that anticipates and accounts for tail events, this incident is surmountable. The debt will be wiped clean and the protocol will move forward unimpeded,” he said.
Meanwhile, the team said later on Monday that “the missing funds are now restored,” promising to provide more information later.
As reported, in February, bZx suffered two attacks.