So called decentralized finance (defi) lending platform Bzx on Sunday lost $8.1 million in a new hacking attack, the third this year, caused by a flawed code in its smart contracts.

The bug allowed the hacker to mint 219,200 LINK tokens (valued at $2.6 million); 4,503 ETH ($1.65 million); 1,756,351 USDT ($1.76 million); 1,412,048 USDC ($1.4 million) and 667,989 DAI (worth $681,000).

Marc Thalen, lead engineer at Bitcoin.com, first discovered the vulnerability in the smart contracts and reported it to Bzx, warning $20 million was at risk.

In a statement, Bzx co-founder Kyle Kistner said that the defective code permitted an attacker to duplicate assets or even increase the balance of the protocol’s interest-bearing token called iTokens.

Bzx noticed the security breach some hours later and immediately halted minting and burning of iTokens. Trading resumed after a fix that corrected the balances and duplications.

Kistner detailed that investor funds faced no risk as they were promptly compensated. He said:

No funds are at risk. Due to a…

Click to continue reading on its source location…

Source: https://news.bitcoin.com/defi-protocol-bzx-loses-8-1-million-in-third-hack-this-year/