Est. MMXXVI · Vol. VI · № 273
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 008 · Flash Loan Attack

bZx Flash Loan Attacks

The first known flash-loan attack drained ~$954K from bZx twice in four days, using uncollateralised Aave loans to manipulate Uniswap oracle prices.

Date: February 14 and February 18, 2020
Victim: bZx
Chain(s): Ethereum
Status:
Funds Stolen: ~$954,000

On February 14 and February 18, 2020, the lending protocol bZx suffered the first two flash-loan attacks ever recorded on Ethereum mainnet. Combined losses were modest — roughly $954,000 — but the attacks introduced a new class of exploit that has accounted for billions in losses since.

What happened

Flash loans had been launched by Aave roughly a month earlier. They allow a user to borrow any amount of a token without collateral, on the condition that it is repaid in the same transaction. The bZx attacker realised this primitive could fund the temporary capital required to manipulate on-chain prices.

Attack 1 — February 14 (~$350K / 1,193 ETH)

The bZx team was on stage at ETHDenver when the first exploit fired:

  1. Flash-borrow ETH from a margin contract on bZx's Fulcrum platform.
  2. Borrow WBTC on bZx against a deliberately under-collateralised position (a separate bZx bug let this through).
  3. Dump the borrowed WBTC on the Uniswap WBTC/ETH pool, pushing the WBTC price down sharply.
  4. Buy WBTC back at the depressed price on Kyber (which read the manipulated Uniswap price as its oracle).
  5. Repay the flash loan, walking with the price-differential profit.

Attack 2 — February 18 (~$600K / 2,378 ETH)

Four days later, a separate attacker exploited the same oracle pattern using sUSD as the manipulation lever — pumping sUSD's reported price against ETH via flash-loan-funded buying, then borrowing massively against the inflated collateral.

Aftermath

  • bZx paused both attacked contracts and patched the specific oracle-reliance and under-collateralisation bugs.
  • The two losses were ultimately absorbed by the protocol from reserves.
  • bZx suffered a third major incident in November 2021 — a private-key compromise that drained roughly $55M — and effectively wound down its lending product after.

Why it matters

bZx is the founding incident of the flash-loan attack category. Every flash-loan exploit since — Beanstalk, Cream Finance, Cetus, countless smaller incidents — is a descendant of the same pattern: temporarily acquire massive capital → manipulate an on-chain price oracle → extract value against the manipulated reading → repay the loan.

The defensive responses — time-weighted oracles, decoupled price feeds, flash-loan-resistant invariant maintenance — are all consequences of the bZx pair.
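The attack steps above and the defensive response just listed both come down to one question: what does the lending protocol's oracle read, and over what time span? The simulation below is an added example, not code from the original dossier or from bZx, Uniswap or Kyber. It models a constant-product pool with constructed reserves (100 WBTC / 4,000 ETH, so 40 ETH per WBTC), applies one large sell inside a single block, and compares the reserve-ratio spot price a naive oracle would report against a time-weighted average price (TWAP) over a ten-minute window. The `spot_within_tolerance` check is a hypothetical lending-side guard, not any protocol's actual code; the 5% deviation threshold and the 13-second block time are assumptions chosen for illustration.

```python
# Added example: spot AMM price vs. time-weighted average price (TWAP) as an oracle.
# Pool sizes, prices, window length and threshold are constructed for illustration;
# nothing here is taken from the bZx transactions.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ConstantProductPool:
    """Uniswap-v2-style pool: reserve_token * reserve_eth is held constant per swap."""
    reserve_token: float  # e.g. WBTC
    reserve_eth: float
    fee: float = 0.003

    def spot_price(self) -> float:
        """ETH per token, i.e. what a naive reserve-ratio oracle reports."""
        return self.reserve_eth / self.reserve_token

    def sell_token(self, amount_in: float) -> float:
        """Sell `amount_in` token for ETH and return the ETH received."""
        effective_in = amount_in * (1 - self.fee)
        eth_out = self.reserve_eth * effective_in / (self.reserve_token + effective_in)
        self.reserve_token += amount_in
        self.reserve_eth -= eth_out
        return eth_out


def twap(samples: List[Tuple[int, float]], start: int, end: int) -> float:
    """Time-weighted average of piecewise-constant (timestamp, price) samples over [start, end).

    Each price is assumed to hold from its timestamp until the next sample (or `end`),
    which is how a cumulative-price accumulator weights observations.
    """
    total = 0.0
    next_times = [t for t, _ in samples[1:]] + [end]
    for (t, price), t_next in zip(samples, next_times):
        lo, hi = max(t, start), min(t_next, end)
        if hi > lo:
            total += price * (hi - lo)
    return total / (end - start)


def spot_within_tolerance(spot: float, reference: float, max_deviation: float = 0.05) -> bool:
    """Hypothetical lending-side guard: accept a spot reading only if it is close to the TWAP."""
    return abs(spot - reference) / reference <= max_deviation


def simulate(window: int = 600, block_time: int = 13) -> dict:
    pool = ConstantProductPool(reserve_token=100.0, reserve_eth=4000.0)
    # Ten minutes of honest trading: one sample per block, all at 40 ETH/token.
    samples = [(t, pool.spot_price()) for t in range(0, window, block_time)]
    spot_before = pool.spot_price()

    # One sell that is large relative to the pool, executed inside a single block.
    now = window
    pool.sell_token(50.0)
    spot_after = pool.spot_price()
    samples.append((now, spot_after))

    # An oracle consulted in the same block: the TWAP window ending now has accrued
    # no time at the manipulated price, so it still reports the honest level.
    twap_same_block = twap(samples, now - window, now)
    # One block later the manipulated price carries only `block_time` seconds of weight.
    twap_next_block = twap(samples, now + block_time - window, now + block_time)

    return {
        "spot_before": spot_before,
        "spot_after": spot_after,
        "twap_same_block": twap_same_block,
        "twap_next_block": twap_next_block,
        "spot_accepted": spot_within_tolerance(spot_after, twap_same_block),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:>16}: {value}")
```

Run as a script, the output shows the spot price collapsing from 40 to under 18 ETH per WBTC within the block while the same-block TWAP stays at 40 and the next-block TWAP moves by about 1%. A protocol that prices collateral or settles trades from the spot reading accepts the manipulated value; one that consults the TWAP, or that rejects a spot reading more than a few percent away from it, does not. The price drop in the simulation is exactly the constant-product arithmetic, which is why the fix is a different oracle rather than a different pool.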

Sources & on-chain evidence

  1. CoinDesk — https://www.coindesk.com/tech/2020/02/19/everything-you-ever-wanted-to-know-about-the-defi-flash-loan-attack
  2. CoinDesk — https://www.coindesk.com/markets/2020/02/18/defi-project-bzx-exploited-for-second-time-in-a-week-loses-630k-in-ether
  3. Quantstamp — https://quantstamp.com/blog/market-dynamics-of-the-1st-bzx-hack-part-1
