Around the Block #3: Analysis on the bZx attack, DeFi vulnerabilities and the state of debit cards in crypto
In this edition, we analyze the bZx attack, uncover some of DeFi’s vulnerabilities, and discuss the state of debit cards in crypto
Analysis on the bZx attack and DeFi vulnerabilities
DeFi is bringing financial tools onto the internet in a way that makes them accessible, programmable, and useful for everyone. Just as the internet made it easy for anyone to create, share, and program information, DeFi is doing the same for money and finance.
DeFi products are trustless, global (accessible to anyone), transparent (anyone can inspect the code), and immutable (can’t be changed unless they’re programmed to). They’re also composable with each other, where products can be built on top of each other, similar to how Lego bricks can be combined into something greater than the sum of their parts.
Setting the stage
This is a novel environment. Anyone can program finance. The result today is a web of liquid and powerful financial tools, a new breeding ground for innovation and utility. For example, DeFi has created something called a Flash Loan — essentially a risk-free loan where anyone can borrow millions of dollars for the duration of a single transaction. If, by the end of the transaction, you have not paid back the loan, the whole transaction is rolled back. No capital is exposed to risk, and any end user is able to deploy a large sum of capital for arbitrary purposes.
So what happened with the bZx attacks?
BZx (aka Fulcrum) is a DeFi product that provides a tokenized borrow / lend and margin trading platform. Anyone can add capital to bZx’s pool and borrow against their capital, or leverage long or short by trading into other assets on margin. Their platform uses many other DeFi protocols to fully service these products, taking advantage of DeFi’s composability.
The attack at its core was a single, incredible transaction that borrowed millions of dollars in a flash loan, and threaded these funds through several DeFi protocols to elegantly manipulate and exploit bZx’s collateral pool. Check this out:
1. The attacker borrowed $10M in ETH through a flash loan from DyDx (Lego #1), posting no collateral in the process.
2. Used $5M in ETH to take a 5x short position on the ETH-wBTC book on bZx (Lego #2). BZx forwarded the order to Kyberswap (Lego #3), which surveyed the best possible rate and finally filled the order on Uniswap (Lego #4). This incurred significant slippage, and drove Uniswap’s wBTC price 3x higher.
3. Carried the other $5M in ETH to Compound (Lego #5), and borrowed a stack of wBTC against the ETH collateral.
4. Used this borrowed wBTC to sell into Uniswap’s inflated price.
5. Using the profits from Step 4 and the proceeds from Step 2, the flash loan was paid in full and the transaction successfully completed.
This maneuver resulted in a direct profit of 71 ETH, along with an active loan on Compound worth 1200 ETH, for a net profit of 1271 ETH (worth $355K at the time). The transaction also resulted in an active bZx loan that is deeply underwater, which is where the “loss” comes from.
The key mechanic was the ability to take a large 5x margin short position on a thinly traded book (ETH-wBTC) which incurred significant slippage. BZx was designed to protect against this, but the attacker found a clever bug that bypassed these checks. This one oversight exposed the bZx collateral pool to deep losses, whereas all other lego bricks in this process operated as designed and did not incur any losses. To learn more, Peckshield provides an excellent breakdown here.
The aftermath and 2nd attack
Immediately following the attack, the bZx team used their admin super-keys to pause trading and borrowing on bZx, and fixed the underlying bug. As the community discussed this new exploit and trading and borrowing resumed, a second attack occurred through a similar mechanic.
This second attack was similar to the first, but didn’t require bypassing any slippage rules. Instead, a flash loan was used to inflate Uniswap’s Synthetix USD price to $2 (instead of $1), and the attacker then deposited sUSD into bZx as collateral (at this inflated price) to borrow more ETH than they should’ve been allowed. They then ran away with the borrowed funds with no intention of paying back the underwater bZx loan, netting the attacker 2,378 ETH (after paying back the flash loan), worth $630K at the time.
This attack was more akin to an oracle attack, or a process that manipulates a trusted value. In this case, the flash loan drove up the spot price of ETH-sUSD on Uniswap (the oracle), which BZx used to determine the value of collateral in loans.
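To make the slippage and oracle mechanics above concrete, here is an added example (not code from bZx, Uniswap, or the original post) that models a constant-product pool and a lender-side sanity check on the price it reports. The pool reserves, the 75% loan-to-value ratio, the 10% deviation band, and the function names are all constructed assumptions; the reference price stands in for a time-weighted average or an independent feed built from earlier blocks.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool (eth * susd = k). Reserves are constructed."""
    eth: float
    susd: float
    fee: float = 0.003

    def spot(self) -> float:
        """Spot price of 1 sUSD in ETH, read straight from the reserves."""
        return self.eth / self.susd

    def buy_susd(self, eth_in: float) -> float:
        """Swap ETH for sUSD, update reserves, return sUSD received."""
        eff = eth_in * (1 - self.fee)
        out = self.susd * eff / (self.eth + eff)
        self.eth += eth_in
        self.susd -= out
        return out

def slippage(pre_spot: float, eth_in: float, susd_out: float) -> float:
    """Fractional gap between the execution price and the pre-trade spot."""
    return (eth_in / susd_out) / pre_spot - 1

def spot_is_sane(spot: float, reference: float, max_dev: float = 0.10) -> bool:
    """Lender-side check: accept the spot price only if it sits within
    max_dev of a reference that a single transaction cannot move."""
    return abs(spot - reference) / reference <= max_dev

def simulate(eth_in=420.0, collateral_susd=50_000.0, ltv=0.75) -> dict:
    pool = Pool(eth=1_000.0, susd=250_000.0)  # constructed thin pool
    reference = pool.spot()                    # price before the transaction
    out = pool.buy_susd(eth_in)                # one large swap in the same transaction
    inflated = pool.spot()                     # what a spot-price oracle now reports
    return {
        "price_ratio": inflated / reference,
        "slippage": slippage(reference, eth_in, out),
        "borrow_at_spot": collateral_susd * inflated * ltv,
        "borrow_at_reference": collateral_susd * reference * ltv,
        "spot_accepted": spot_is_sane(inflated, reference),
    }

if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

With these constructed reserves, a single swap roughly doubles the reported sUSD price, so a lender reading the spot price would allow about twice the borrow that the pre-transaction reference supports, while the deviation check rejects the reading.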
How should we think about security in DeFi?
DeFi has created powerful new financial products, weaving them together in emergent ways. But these attacks are a sobering reminder that programmable finance is still programmable and bugs are therefore expected — especially when innovation pushes the boundaries of what is possible. Today, the combination of flash loans and a web of composable DeFi protocols that interact in complex ways has created this new class of vulnerabilities.
Historically, once a new class of vulnerabilities is discovered, it breeds a series of copycat attacks. Everyone takes note of the new possibilities, and a million magnifying glasses search the space for similar weaknesses. To this end, we should expect more flash loan style oracle attacks (and in fact, since writing this post another attack on curve.finance was discovered). But this is just part of how DeFi becomes more resilient.
For example, after the DAO hack in 2016 demonstrated reentrancy vulnerabilities, we quickly learned how to prevent it. Today, reentrancy attacks are virtually non-existent. This is ultimately an evolutionary fitness function where vulnerabilities are discovered, quickly patched, and the space gets increasingly hardened against attacks.
We should not expect DeFi to become completely secure against all attacks, but we can build an increasingly robust ecosystem with Defense in Depth, where multiple layers of redundancy provide increased security. We also need to develop greater levels of consumer protection and/or insurance. Notably, one DeFi insurance product made its first payout following the bZx attacks, an encouraging sign.
What about decentralization in DeFi?
The bZx team used super-admin keys to halt borrowing and trading, demonstrating a single point of control. This was necessary to prevent additional attacks from draining the entire collateral pool, but it also introduces a new element of risk — what if these keys are misused? What if they are compromised? Removing single party control is core to cryptocurrency’s ethos. What should we make of this?
The reality is that decentralization is a spectrum, and teams should aim to follow a roadmap of progressive decentralization. For new DeFi services, we should not expect complete decentralization from Day 1 as this creates existential risk if exploits are found and we cannot react quickly. Instead, protocols should graduate to increasing levels of decentralization over time, and only after they’ve demonstrated a track record of good security hygiene. Compound is one notable example.
In the end, DeFi is pushing the boundaries of what is possible, paving the way for new products that epitomize the nature of programmatic finance. It’s very exciting to see these products emerge, but also concerning when exploits rattle through the industry. Let’s take a holistic view of the process — more attacks are bound to happen, but this is part of the evolutionary fitness function. In the end, a robust ecosystem with strong consumer protections is likely to emerge.
State of debit cards in crypto
“Spend” has been an important verb for driving utility in crypto since Satoshi wrote the Bitcoin whitepaper. Crypto investors have always been looking for ways to spend their crypto assets for a latte at the local coffee shop. And to that end, crypto debit cards are viewed as an excellent option as they are largely identical to traditional debit cards, except that they debit a crypto balance instead of a traditional bank account.
Debit cards have had a storied history of attempts, including at Coinbase through our initial Coinbase Debit Card, first introduced in November 2015. This card was a first-of-its-kind and gave our customers the ability to spend their Coinbase Bitcoin balances anywhere Visa was accepted. The downside? This was not a Coinbase branded product, as it was issued through the payment processor Shift.
We were followed by BitPay, Bitwala, Wirex, Coinsbank, among others. Then amidst the 2017 ICO frenzy several other companies proposed products and platforms centered around a crypto debit card. Notably TenX, Token Card (rebranded to Monolith), and Monaco (now crypto.com). TenX raised $80M via ICO in 7 min, and Token Card and Monaco similarly took in $12.7M and $27M respectively, demonstrating the hype around crypto debit card offerings. These companies were mostly trying to differentiate through smaller fees, better UX, and through some rewards offerings.
The problem? At the time there were only a few payment processors willing to issue debit cards, notably Shift (our card) and WaveCrest (most others). Another was adoption. Our card found relatively limited traction, as we found that most users actually preferred to hold Bitcoin rather than spend it; the volatility of Bitcoin and the perception of Bitcoin as an investment rather than a currency were underlying contributors. Today, with a more mature ecosystem and the advent of stablecoins, we believe a holistic debit card offering is likely to find greater traction.
In 2019, Shift pivoted its business and rebranded to Apto, and we worked to implement a new Coinbase debit card for the UK. For most other cards, January 2018 brought a crushing blow when VISA dropped WaveCrest citing “non-compliance with [their] operating rules,” effectively shuttering these other crypto debit cards.
Looking forward, crypto debit cards are likely to find renewed traction, especially with the emergence of reward-bearing stablecoins (like USDC at 1.25% APY on Coinbase). Additionally, Coinbase just became a Visa Principal Partner Member, a watershed moment that enables us to issue Debit Cards in the EU without requiring a sponsor bank.
Quick hits: commentary on notable news
Over the past month Ethereum has been embroiled in a governance debate centering around a proposed update to their mining process. Called ProgPow for progressive Proof of Work (PoW), the proposal aims to make it easier for consumer-grade hardware (GPUs) to mine Ethereum, reducing the effectiveness of ASICs (powerful special-purpose computers that dominate mining today).
Adopting ProgPow would make mining more accessible to a broader number of people, theoretically increasing Ethereum’s decentralization and marking a return to its initial ASIC-resistant vision.
The problem? This turns out to be a very contentious proposal and a highly nuanced subject. For starters, ProgPow would reduce the amount of computing power used to secure the network (GPUs are much less powerful than ASICs), theoretically making Ethereum more susceptible to 51% attacks. Furthermore, no mining algorithm is truly ASIC resistant. Specialty ASICs would eventually be created for ProgPow as well, and many believe ASICs are fundamentally necessary to secure PoW networks (no ASIC coin has ever been 51% attacked).
Furthermore, any controversial fork should be handled with significant care. Much more is at stake today compared to 2017, and DeFi’s introduction of real-world assets like USDC or USDT could reduce Ethereum’s ability to successfully execute contentious forks.
Following a long prior history, ProgPow was accepted in late February and slated for inclusion, but the subsequent uproar from the community led to the proposal once again being shelved.
The blockchain powering Steemit, a Reddit-like social news aggregator, recently announced a partnership with Tron to migrate their platform to the Tron blockchain. The Steem community was concerned the Tron Foundation now held too much governance authority, and acted quickly to enact a soft-fork disabling Tron’s governance rights.
In response, Tron worked with several large exchanges including Binance and Huobi to enact a separate hard-fork to reinstate their governance rights and freeze tokens from community members involved in Steem governance. The Steem community views this as a hostile takeover attempt by Tron.
Steem itself is a delegated Proof of Stake (dPOS) protocol, and thus customer deposits from large exchanges were fundamental in securing the necessary votes to enact Tron’s fork. CZ from Binance admitted he personally signed off Tron’s hard-fork, but was not aware of the contentious issues at hand and has since rebuked Tron for acting in bad faith.
This is another proof point that blockchain governance is hard. On one hand, the politics on dPOS chains is clear — the majority vote wins. Tron simply defeated the community by playing by the established political rules. On the other hand, blockchains derive value from their users who ultimately hold the economic power. The Steem community members are hitting back in a variety of ways: disabling their apps, resigning from the Steem foundation, and backing community-favored validators.
Additionally, the role of exchanges and custodians in blockchain governance is heightened. They hold the majority of assets, giving significant political power. As the space matures, we should expect centralized platforms to provide governance tools, much like Coinbase Custody is doing for MakerDAO today.
Blockchains are transformative technologies, but they’re fundamentally just massive computer science experiments that we’re all partaking in. Nobody owns these networks; they are owned by the collective community building and using the technologies, and these moments are critical proof-points for the evolution of blockchain governance. For both Ethereum and Steem, important precedents are being set, and we should all pay close attention.