bZx attacks and 1inch.exchange allegations: Here’s what the teams have to say

Quick Take

  • DEX aggregator 1inch.exchange has alleged that bZx’s Fulcrum platform had a $2.5 million vulnerability over a month ago, but it didn’t inform users
  • bZx co-founder Kyle Kistner told The Block that they were going to publish a disclosure by the end of this month and that 1inch.exchange “violated” their disclosure policy
  • 1inch.exchange co-founder Anton Bukov told The Block: “Since they [bZx] had 2 breaches recently we were pretty sure they will not publish anything in Feb.”

There is now a new twist to the bZx attacks saga.

1inch.exchange, a decentralized exchange (DEX) aggregator, has alleged that it found a $2.5 million worth of vulnerability in bZx's Fulcrum lending protocol over a month ago, but bZx didn't inform users. 

It all started on January 11 when bZx's lending and margin trading platform Fulcrum released flash loans feature, said 1inch.exchange in a Medium blog post published Friday. "We discovered that $2.5M of user funds from 3 pools could be stolen within a single transaction."

The vulnerability had been published for less than 48 hours when 1inch.exchange discovered it, so there was "a very high chance malicious attackers could exploit it."

1inch.exchange went on to explain that it was prepared to perform a white-hat hack to protect user fun