bZx Hack Analysis Exposes Challenging DeFi-Inherent Composable Liquidity Risks


The exploit happens at 2020–02–15 01:38:57 +0000 (Ethereum block height #9484688). The culprit transaction can be found on etherscan. This attack process can be separated into the following five steps:

Figure 1: Flashloan Borrowing From dYdX
Figure 2: WBTC Hoarding From Compound
Figure 3: Margin Pumping With bZx (and Kyber + Uniswap)
Figure 4: WBTC Dumping With Uniswap

About us

PeckShield Inc. is an industry leading blockchain security company with the goal of elevating the security, privacy, and usability of current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.



A Blockchain Security Company (

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store