DeFi (Decentralized Finance) is still facing novel threats and emerging security challenges as we move into 2020. The founders of some of Berkeley Blockchain Xcelerator’s distinguished start-ups and alumni share their perspectives on the recent Ethereum BZX flash loan hack: a reflection on the maturity, and the future, of DeFi.


Host: Victor Fang CEO@ AnChain.ai


– Oliver Yates, CEO@Sheeld Network

– Bryan Chen, Acala Foundation Council Member

– Liam Lin, CEO@Nickel exchange

,Company Intro:

AnChain.AI (BBX Cohort 2019): A Silicon Valley based, venture-backed startup that delivers the world’s leading AI-powered intelligence arsenal, enhancing blockchain security, mitigating risk, and empowering compliance strategies.

SheeldMarket (BBX Cohort 2019): A France based firm developing privacy-preserving trading infrastructure, allowing participants to express their positions without risk of information leakage, and firms to outsource their infrastructure while maintaining control over their data.

Acala (BBX Cohort 2020) : A decentralised stablecoin and staking liquidity platform powering cross-blockchain open finance applications. We’re uniquely set up as a decentralized finance consortium with a vision to build cross-chain defi infrastructure, to provide stability and liquidity for the Polkadot ecosystem.

Nickel (BBX Cohort 2019) : Nickel helps banks prevent fraudulent foreign exchange trades in emerging markets using blockchain.

,Background by Victor Fang, AnChain.AI :

In Feb 2020, a sophisticated hack impacted at least 5 Ethereum DeFi smart contracts: BZX.network, dYdX, Kyber, Compound and Uniswap. The Hacker managed to steal $954,000 in a flash, twice. A good introductory briefing on the hack can be found at Cointelegraph.

The AnChain.AI security research team investigated the exact malicious Ethereum transaction that exploited bZx’s flash-loan smart contract and various other DeFis as highlighted in the below figure:

This incident marks a critical first the history of DeFi. The AnChain.AI team has audited various complex smart contracts, and performed incident response to professionally-executed blockchain hacks, but we consider this by far the most advanced exploit on DeFi to-date: a highly-sophisticated exploit implicating high-profile projects on flash loan, collateralized loan, margin trading, oracle, staking, and more.

Victor Fang, CEO & Co-founder at AnChain.AI, had the chance to discuss the matter in person w/Vitalik Buterin at theStanford Blockchain Conference on Feb 19, just days after the BZX hack. Ethereum, the most popular smart contract enabled blockchain and the 2nd largest market cap cryptocurrency, has attracted both developers and hackers of unprecedented sophistication, like the 2018 Blockchain APT hacker group revealed by AnChain.AI. While DeFi developers favor Ethereum, vulnerabilities like the BZX flash loan hack reflect the lacking maturity of DeFi as of 2020. The silver lining: the blockchain ecosystem is now aware of such hacking tactics and improving its defensive infrastructure.

Recommended readings on BZX / DeFi hacking:

1. Official Post-Mortem by BZX, the compromised DeFi project, with an included detailed incident timeline.

2. In-depth 2019 research paper by Ari Juels (Cornell) and coauthors titled ”Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges”

In the course of the investigation, Victor has had the fortune to interview selected Berkeley Blockchain Xcelerator DeFi startup founders’ on the topic, gauging their perspectives on this historic DeFi incident.


Oliver YATES, CEO@ Sheeld Market

Bryan CHEN, Acala Foundation Council Member

Liam Lin, CEO@ Nickel

VF: What’s unique about this BZX hack?

OY: While many hacks simply exploit an issue in the code to have it behave in an abnormal way, this particular hack relied on pure market dynamics as well, and could not work simply through a technical exploit. The attacker made money by opening a highly-leveraged position, and then moving the market in his favor in order to dump inventory at a higher price. The trick was being able to open this leveraged position with funds that are not sufficient to cover the regular margin requirements through an exploit in the bZx smart contract.

VF: Why are these DeFi projects vulnerable to this?

OY: DeFi projects are vulnerable because their code is public and open-source. Every single hacker can read the code, find a weakness and elaborate a strategy to exploit it. Before running the real hack, the hacker can launch a testing environment similar to the real one to improve and tweak his scenario. However, we have to consider these hacks as being unavoidable pitfalls of the “security through transparency” principle of DeFi intended to produce a robust and decentralized financial architecture.

: We’ve known for some time that most Ethereum DeFi projects are vulnerable to oracle attacks, but the root cause of this bZx attack stems from a fundamental misunderstanding of the definition of “price”.
Many DeFi protocols require an input of “price” on certain assets to ensure transaction viability. Smart contracts typically fetch the price information from external sources such as oracles or DEX. However, DeFi needs more than a simple, numerical price. bZX searches for an indicator that all the debits in the protocol can be covered by selling all the collateralized assets to market at once. This guarantee must be stable enough for liquidators to have enough time to execute the sale of assets on the market.
Problematically, the number provided by external price sources is far from stable, and is more so indicative of a trade’s theoretical possibility than its practical reality in a dynamic market.
In the bZx hack, the price source (uniswap) was manipulated to provide an outlandishly high BTC price. Any reasonable person could easily have recognized its temporality. If bZx were able to fetch the historical price and, for example, calculated a moving average price, this attack could have been averted entirely.LL: Anonymity often brings out the worst in people. Most DEXs don’t enforce Know-Your-Customer (KYC) requirements. There are always malicious individuals blended into the faceless crowd who are looking to exploit flaws in the system. Who can blame them though? The risk of getting caught is minimal and the rewards are high, compared to the bug bounties that are rewarded to white hats. You are talking about millions of dollars vs. a couple of thousand dollars. The inconsistency in security standards adopted doesn’t help things either.

VF: In what way is decentralized finance (DeFi) more challenging to defend than traditional centralized finance?

OY: Defense is critical in DeFi in the sense that transactions are non-reversible. Once an exploit occurs, you cannot go back and cancel the funds’ new ownership. Centralized systems have the ability to do damage control, like during the Robinhood “infinite leverage” exploit where the developers were able to quickly reverse positions for the cheating participants. Defending DeFi systems is challenging due to the “security through transparency” principle. Good practices must be followed drastically, and the modularity of DeFi protocols make it even harder.

BC: Privacy coins aside, confidentiality and privacy are the main issues facing DeFi at the moment. Professional traders, for example, who have carefully developed their own sophisticated strategies, want to avoid leaking their methods if at all possible, while other users simply balk at the lack of privacy at-large. With our current technologies, DeFi can neither be integrated smoothly with existing confidentiality and privacy preserved platforms nor offer privacy-preserving features of its own.On the other hand, traditional centralized finance providers can provide confidentiality and privacy, at least to a limited degree. It is almost impossible for traders to verify if their service provider actually does what they claim to do, and it is not uncommon to see data breaches from financial institutions in front-page news. People can only depend on regulators to enforce the necessary regulations, which, of course, comes with its own problems.

VF: What can we do to prevent and defend such DeFi incidents? Is there anything your startup is working on that can help?

OY: Right now there is a lack of sophisticated market surveillance systems in the DeFi space. These systems detect manipulations in real-time, in this case a pump and dump scheme. That way even if something goes wrong in the trading pipeline, at the end of the day no harm is done. The difficulty with implementing these systems in DeFi is preserving some of the core values of the space, like privacy and data ownership. SheeldMarket builds privacy-preserving trading systems. In order to monitor our cryptocurrency Dark Pool without putting critical data at risk of leakage, we are developing a privacy-preserving market surveillance system, leveraging over 20 years of equities trading experience at Tier 1 banks. This system can also be used on other venues, including DeFi platforms.

LL: Regular security audits. That’s where startups can play their part to help audit, verify, and certify the invulnerability of the contracts. While it is not conventional for DEX, a time delay for withdrawals combined with Multi-Party Computing wallets (where private keys are distributed and never exposed in whole at any time) will help reduce the odds of unauthorized/illegal withdrawals of funds.

VF: This hack happened on Ethereum blockchain. Do you expect it would happen in other blockchains too?

BC: The bZx hack, and other flash-loan related attacks, heavily depend upon the property of atomic cross-protocol transactions. Through this property, it has become possible to trustlessly borrow a large amount of capital to fund an attack. However, atomic cross-protocol transactions depend on serial execution of transactions, which means very limited throughput / TPS. All next generation blockchain platforms have some kind of parallel transaction processing capability. This means cross-protocol call may need to be asynchronous as the other protocol could be in a different shard, or a different chain, essentially eliminating the use cases of flash-loans and, by extension, this particular attack pattern.It may be still possible to perform similar attacks on DeFi protocols, but those we know of are both riskier and less profitable.

LL: Yes, definitely. Ethereum just happens to be the most popular blockchain for distributed computing at the moment, unlike Bitcoin, which only has a simple payment functions. The ability to write smart contracts for Ethereum introduces the possibility for security flaws that can be exploited