Subscribe to wiki

Share wiki

bZx

Wiki Powered byIconIQ
bZx

Official Website:
Social Profiles:

bZx

bZx is a lending protocol for DeFi (Decentralized Finance) and cryptocurrency that runs on the Ethereum blockchain. bZx also functions as a platform that hosts a variety of dApps, or decentralized applications. The protocol is governed by the BZRX token[2].

In 2020, bZx suffered from three hacks. According to bZx’s report, the protocol was compromised for the first time on February 14, when the team was at the ETHDenver industry event. The second attack, according to industry news outlet The Block, took place four days later on February 18th. The third attack happened in September and bZx was able to recover all of the $8 million worth of cryptocurrency which was stolen during the hack.

Overview

bZx protocol is a collection of smart contracts that are built on the Ethereum blockchain with focus on lending and margin trading in cryptocurrency. The three main tokens of the bZx ecosystem include:

  • iTokens
  • pTokens
  • BZRX Tokens

These three coins are ERC20 tokens.  iTokens accumulate interest, and can go up in value the longer they are held onto. Each iToken represents a share in a bigger pool as borrowers pay interest into the token. pTokens allow the purchaser to have a short or leveraged position, and BZRX Tokens function as governance tokens within the bZx platform.

BZRX Tokens

An audit of the smart contracts surrounding the BZRX was completed by the cybersecurity company, Certik. $BZRX tokens have a total supply of 1,030,000,000 tokens[3].

BZRX is a governance token that gives holders the power to make changes to the protocol. The tokens have been allocated in the following way:

  • 21.35% on a vesting schedule for strategic partners and backers
  • 13.65% went to presale
  • 20 went to the team
  • 20% went to the bZx builder fund
  • 5% went to the security and alignment fund
  • 20% went to the ecosystem fund

Products and Ecosystem

Products

Fulcrum and Torque are built on the bZx protocol, with Fulcrum focusing on DeFi margin lending and trading, and the latter on indefinite term loans with fixed interest rates.

Ecosystem

bZx has many dApps in their ecosystem including:

  • DeFi Saver
  • Staked
  • Dexwallet
  • 1inch.exchange
  • Betoken
  • Eidoo
  • Alpha Wallet
  • Idle
  • defiportfolio
  • ParaSwap
  • Totle
  • DeFiZap

BZRX V3 Token Model Propositions

On June 29, 2020, bZx published an official blog post announcing proposed changes to their BZRX token.

Fee-Sharing Mechanism: The first concerned a fee-sharing mechanism using one of two Balancer pools and a “feeSweep()” function. This lets participants generate fees from assets locked in the Balancer pool, providing liquidity to pool users. In this way, every trade, loan and serviced debt generates fees for the protocol.

  • Origination fee: 0.09%
  • Trading fee: 0,15%
  • Interest fee: 10% of interest paid

The proposal also included plans for a staking portal that allows users to stake and unstake their BZRX with a single click.

Protocol disbursement program: The other proposal suggested rewarding bZx users with tokens. According to the post, 20% of the total token supply has been allocated to rewarding users of the protocol, with the allocation further split into reimbursing protocol fees or issuing payouts based on the number of fees generated that week.

2020 Hacks

In 2020, bZx suffered from three hacks. According to bZx’s report, the protocol was compromised for the first time on February 14, when the team was at the ETHDenver industry event. The second attack, according to industry news outlet The Block, took place on February 18. The third attack happened in September and bZx was able to return about $8 million worth of cryptocurrency.

The First Hack

The attacker used multiple DeFi (Decentralized Finance) protocols to lend and swap significant quantities of Ether and Wrapped Bitcoin (WBTC) in a way that allowed them to manipulate the prices and profit off of decentralized leveraged trade. The attacker first took out a loan of 10,000 Ether (ETH) from decentralized lending protocol dYdX, then used 5,500 ETH ($1.46 million) to collateralize a 112 Wrapped Bitcoin (WBTC) loan (valued at over $1 million at the time) on DeFi protocol Compound. At this point, the attacker sent 1,300 ETH (valued at over $372,000) to decentralized margin trading ETH to open a 5x leveraged position on the ETH/BTC pair on bZx’s Fulcrum trading platform and borrowed 5,637 ETH through Kyber's Uniswap and swapped them for 51 WBTC, causing large slippage. This, in turn, allowed the attacker to profit from swapping the 112 WBTC from Compound to 6,671 ETH, resulting in a profit of 1,193 ETH (nearly $318,000). The hacker then paid back the 10,000 ETH loan on dYdX that they took out.

According to an in-depth analysis of the attack, the transaction with which the attacker opened the leveraged trade should have been prevented by safety checks, but those checks did not fire due to a bug in bZx’s smart contract. The team behind the protocol quickly patched the bug that allowed the hack to happen.

The Second Hack

The nature of the second attack is still largely unclear, but a message from the project’s CVO and operations lead Kyle Kistner in the official bZx Telegram group suggested that it was an oracle manipulation attack. Oracles are usually centralized components that provide external data to on-chain applications.

The Block estimates the loss to be 2,388 ETH (nearly $636,000). Kistner said that the team can neutralize the hack and prevent the loss of user funds like they did for the first hack. Furthermore, he promised that bZx developers will switch to oracles based on the ChainLink protocol, seemingly suggesting that it would make the system safer. In March, bZx developers integrated the protocol with ChianLink and worked with the ChainLink team on making the platform more secure[5].

The Third Hack

bZx said in an incident report that $8 million worth of cryptocurrency had been stolen by an attacker who exploited a code bug to mint the protocol's interest-earning iToken, which was used to redeem, and walk away with, digital assets held in various lending pools. bZx’s official Twitter account announced on September 14 that funds had been restored. Paris Fotis, a spokesperson for the project, said bZx had been able to track down the attacker using his or her on-chain activity. The attacker returned the funds after being exposed, according to Fotis[4].

Updates on Hacks

Funds Recovery

The ecosystem is currently working with law enforcement to obtain warrants from exchanges and other platforms that the hacker has interacted in order to obtain identifying information. All information gathered is being turned over to law enforcement to assist them in their investigation. The hacker has converted a large number of stolen assets into ETH and transmitted them through Tornado Cash. Best efforts are being made to continue tracking these assets as long as possible[6].

Compensation Plans

bZx's community has been taking it upon itself to drive a sustainable compensation plan for its community members. Having formed forums, the ecosystem's current plan has been submitted for snapshot vote, after which, if approved it will proceed to on-chain DAO voting. The securing of the on-chain vote is to authorize the release of the treasury funds, which will be used to compensate users who lost funds in the attack. Conclusively, the protocol aim to issue repayement of debt token from 30% of protocol revenue and fees.[7]

Team

bZx was conceived by Tom Bean and Kyle J Kistner in August of 2017. By February of 2018, they released a white paper, and in December of 2018 the team raised $7.8 million with an Initial Coin Offering (ICO) of BZRX tokens.

Members of the bZx team include:

NameTitle
Tom BeanFounder/CEO
Kyle KistnerCVO and Operations Lead
Nick SawinyhHead of Marketing
Chris BrennanLead Community Manager
Rodion KharabetSenior Full-Stack Developer
Diana KovaliovaFrontend Developer
Genka OmyshevLead Designer
Casey FallonSenior Designer
Manish SinghbZx Advisor, CIO at Crossbridge Capital
Alexander KhoriatybZx Advisor, Project Manager at district0x
See something wrong?

Edited By

Profile picture of Anonymous userElGeod

Edited On

September 20, 2022

Reason for edit:

Updated compensation plans

Loading...

REFERENCES

[1]

Introducing BZX

Sep 20, 2022

[2]

BZX intro

Sep 20, 2022

[3]

Tokenomics of BZX

Sep 20, 2022

[4]

Thrid hack-- BZX

Sep 20, 2022

[5]

BZX hacks

Sep 20, 2022

[6]

Updates

Sep 20, 2022

[7]

Updates

Sep 20, 2022