Unchained - The bZx Attacks: Unethical or Illegal? 2 Experts Weigh In - Ep.160
Episode Date: February 25, 2020Maya Zehavi, blockchain consultant, and Zubin Koticha, cofounder and CEO of Opyn, discuss the two recent bZx attacks, whether they were hacks or arbs and whether they were unethical or illegal. They a...lso look at whether flash loans are to blame, how much transparency DeFi teams should have about vulnerabilities on their platforms, how much bug bounties should be for DeFi, and whether flash loans means the amount of bug bounties should be higher. We also talk about whether DeFi should institute circuit breakers, when those would make sense, and whether these attacks could happen to anybody or whether bZx isn't up to the standards needed in this community. We also cover how bZx should handle the under-collateralized loans left on their platform, whether Chainlink will be a sufficient solution to prevent these attacks in the future, and whether DeFi insurance should cover these kinds of attacks. Plus, Maya and Zubin explains why they're happy the attacks happened and have made them more optimistic. And Maya reveals why she has a pizza slice emoji in her Twitter profile. Thank you to our sponsors! CipherTrace: https://ciphertrace.com Crypto.com: https://crypto.com/ Kraken: https://www.kraken.com Episode links: Maya Zehavi: https://twitter.com/mayazi Zubin Koticha: https://twitter.com/snarkyzk Opyn: https://opyn.co/ Description of first attack: https://www.theblockcrypto.com/post/56171/bzx-exploit-former-google-engineer-explains-how-an-attacker-made-350k-in-single-transaction Description of second attack: https://www.theblockcrypto.com/post/56171/bzx-exploit-former-google-engineer-explains-how-an-attacker-made-350k-in-single-transaction https://www.theblockcrypto.com/daily/56413/experts-weigh-in-on-bzx-attacks-flash-loans-highlight-the-need-to-improve-defi-security-models https://www.theblockcrypto.com/linked/56134/defi-lending-protocol-bzx-exploited-a-portion-of-eth-lost Unconfirmed episode about the attacks: https://unchainedpodcast.com/how-2-defi-attacks-made-almost-1-million-in-profit/ 1inch.exchange blog post: https://medium.com/@1inch.exchange/yes-we-hacked-bzx-fulcrum-but-one-month-ago-3f7e5c437ee3 1inch exchange-Fulcrum dispute: https://www.theblockcrypto.com/post/56579/bzx-attacks-and-1inch-exchange-allegations-heres-what-the-teams-have-to-say Nexus Mutual payouts: https://defirate.com/nexus-mutual-first-payouts/ Nexus Mutual blog post: https://medium.com/nexus-mutual/bzx-flash-loan-event-55753d19e52b Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hi everyone. Welcome to Unchained, your no-hype resource for all things crypto. I'm your host, Laura Schitt. If you enjoy Unchained or Unconfirmed, my other podcast, which also features a weekly news recap, please give us a top rating or review in Apple Podcasts or wherever you listen to the show. What's the best way to spend crypto? The MCO Visa card lets you spend anywhere visa is accepted, including your coffee shop or the Apple Store, all with up to 5% back. Download the Crypto.com.
I'm up and reserve yours now.
Cracken is the best exchange in the world for buying and selling digital assets.
It has the tightest security, deep liquidity, and a great fee structure with no minimum or hidden
fees.
Whether you're looking for a simple fiat on-ramp or futures trading, Cracken is the place for you.
Cipher trace cutting-edge cryptocurrency intelligence powers anti-money laundering,
blockchain analytics and threat intel.
Leading exchanges, virtual currency businesses, banks, and regulators themselves, use ciphertrace
to comply with regulation and to monitor compliance.
Today's topic is the BZX attacks.
Here to discuss are Maya Zahavi, blockchain consultant, and Zuban Kotitsha, co-founder and CEO of Open.
Welcome, Maya and Zubin.
Thanks so much for having us.
Hi.
In the past couple weeks, Defi lending protocol BZX suffered two attacks in which flash loans were used.
The attacker or attackers, it's not clear whether it was the same person or different people behind the attacks, made off with about $950,000 in Ether.
I did an interview with Lev Livnev, the person who discovered that the first attack had occurred on unconfirmed last Friday, where we covered how the attacks happened.
But for those who missed that interview, can you briefly re-nev?
how it occurred. We'll just start with the first one. Maya, can you explain how the attacker
executed it? Yes, the attacker took about $2.7 million in a flash loan on DydDX, which is 10K and
he put five and a half eep onto compound and borrowed 12, sorry, 112 WBTC. And then he went on to
ZVUX and shorted WVTC on a margin trade with E on the 3X.
And behind the scenes, of course, BZX ended up dumping all the WBTC on Uniswap.
And the Qadur Uniswap triggered a slippage in the price, of which allowed the attacker to basically both return the 10K-Eat
and take back 71-eat as a profit from that one single trade, which is kind of elegant, to be honest.
I know we were seeing, and I kind of tweeted this, but the first time that I read about this,
I had the sensation of, like, having just watched a snowboarder doing some really elegant flips on a half-pipe or something.
with the sheer number of, go ahead.
Sorry, I'm just saying that the fact that you can take a flash loan was well known in advance.
The fact that it could probably and maybe with a slimmer of a chance lead to a flash crash,
that was also well known.
But doing that in one trade and kind of using a logic exploit on the BZX, that's genius.
I mean, that's a work of art.
You have to hand it to whoever it was.
yeah yeah and basically you know so they borrowed this money and then they um had you know some of it
in uh wrapped btc but they with the other half shorted it significant significantly in order to
um to benefit and that's how they made off with the money but then the group that was left
holding the bag was bzx uh to the tune of like about six hundred thousand dollars i think so
Yeah, so let me just stop you.
I think one thing that isn't, one thing that's kind of not well known was that the
margin trade that the attacker did was on a 3x on BZX, right?
Just in terms that they're shorting it and they're going to get a return 3X at the amount
that they short it, right?
But there was an exploit on BZX for 5X, the amount.
And that might have allowed them to squeeze that trade a lot more than the
originally got. And it also leads to the issue of whether it was a logic or an R of trade.
Okay. And I'm sorry, can you explain that once more? So they repeat it. What was for 3X and what was for 5x?
The short that the attacker did was on a 3x on BZX, right? Meaning they were going to get three
times the amount that they shortage.
As a return, if there actually is a
slip in price or the price of the
rap Bitcoin drops.
But what led
to more of a slippage in the
price on uniswap than
was originally intended was the fact
that behind the scenes,
BZX protocol in order
to compensate, ended up
also dumping more
than they intentionally
than they had to. Let's put that.
way on the Khyber Uniswap. And it leads to the second order effect, which is the insurance of
Nexus Mutual had on the BZX contract. Was it an arbitrage trade or was it a bug that the
attacker exploited? And that's kind of, it's still an open question, I think, in regards of whether
or not Nexus Mutual has an obligation to repay that insurance. And they chose to repay everyone
almost every one of the people that had a trade on that.
Okay, yeah.
So now we're getting, you know, really into the weeds.
But I will say that in that interview I did with Lev, Livnev on Friday, he did say that he felt like the real culprit was a bug in BZX.
And so obviously in that situation, that would be something that would be covered by the Nexus Mutual Protocol, which, by the way, for those who aren't aware is a decentralized insurance.
protocol. Obviously, you would need to sign up for it and to ask to be covered for BZX before
you could make a claim, but they did end up paying out a few claims. So before we get even more
into the weeds on all this, why don't we just go to the second attack? So Zubin, can you describe
what the attacker did in the second attack? Yeah, absolutely. So in the second attack, it was a similar
a flash loan mechanism where you can take out a massive amount of eath as long as you
repay it in the same transaction.
And they took out 7,500 ETH from BZX itself.
So it was weird because in the first exploit, they used DYDX a different platform for this
flash loan, but here they actually used BZX itself.
Then what they did is they took some of this ETH, about 900, and they essentially, they dumped
this ETH in an S-USDC.
sorry S-USD pool on Khyber.
So what that means is they're pumping the price of synthetics USD, a stable coin.
And then they took the rest of the ETH and they deposited it on BZX itself and used it to borrow that exact, sorry, they took the synthetics USBX, they put it down on BZX itself and used it to borrow far more ETH.
And the thing is that BZX uses an Oracle through Khyber, which they had just pumped the price on.
So it thinks that this collateral, this synthetics USD, is worth way more than it actually is.
And BZX, the platform, gives this attacker way more ETH than there actually should be entitled to.
They use this ETH to repay the flash loan on BZX, and they make out with a massive profit of 2,378 ETH.
Yeah, and they, you know, did such a massive purchase of S-U-S-D on Khyber.
Or what is it?
So what was this about, is Khyber and Uniswap?
Like, somehow they're connected.
It's like.
Yeah.
So what's interesting about Khyber is that Khyber kind of can use reserves from multiple different dexes.
And what's interesting about this specific trade is that, or these two trades was that they
went through Khyber, which had very low amounts of liquidity relative to the flash loan size.
And they largely executed through Uniswap, routed through Khyber, is just kind of a mechanism.
And that caused massive slippage. And then after the slippage, they used these massively
manipulated prices to borrow much more than they should be entitled to from BZX itself.
So Khyber is just a mechanism to kind of go through uniswap.
Yeah, and I did read that at that moment when they had manipulated the price, they had boosted the value of SUSD to more than $2 when obviously it should be $1. So yeah, it's kind of interesting because, you know, of course, you know, I'm sure at this moment a lot of people are speculating about who it should be. But I did wonder, of course, you know, at first, oh, is it the same person? But then I thought, well, it could also just be that.
once the first attack happened, then somebody else figured out another way to perform a somewhat
similar move. But anyway, okay, so Maya and I started to get into this, but let's now have a discussion
between you two because I think both of you have slightly and maybe even really different views on
this, but what is your interpretation of what happened? You know, I saw online some people
who were debating whether these were hacks or just arbitrage trades. What do you guys think?
So I don't think it's a hack.
I mean, first of all, I think the fact that it was a logic bug maybe puts it under a hack.
But I consider Defy an experiment with a huge bounty, especially everything that is dependent on make or die.
And this is a bounty that is testing the fragility of the entire system of Defi, the protocol risk, the Oracle risks.
And I think as a consequence of this hack, three main issues in DFI were fleshed out for people to see and really consider as a risk factor.
One is the centralization behind the scenes of backdoors with admin keys of protocols that can always pause protocols.
Two would be the market depth that Zubin just alluded to in terms that a lot of these.
decks don't have that much liquidity. And it's very simple to manipulate them. And third is
how oracles are a single point of failures for a lot of these trades. Now, keep in mind that a lot of
the dexes rely on a moving average indicator in order to figure out the price. And it's not that
one trade can, that is, and the slippage that happens as a byproduct can, can distort.
the price, but if it's big enough, it can. And the consequences for that are an increase,
both in the volatility and a lack of liquidity as a response because there's a lot of domino
effects in all these trades. Now, taking advantage of that, I don't consider that a hack.
Nobody did anything illegal, in my view. Okay. And before we hear from Zuban, I just did want to
talk about the admin key thing. What you were referring to was how ZBX did, BZX did a pause trading
essentially with this admin key. And yeah, that kind of caused a lot of debate online as well.
Zubin, so what's your take about what Maya said? I think there's a lot of good points in there.
I think that, you know, defy is a massive system with just a huge bounty attached to it.
The question for me as to, like, whether it is a hack or not, seems a little bit like a definition or, like, semantic question.
But I think, like, what's clear is that this is a software flaw that was exploited.
It's not an arbitrage, right?
An arbitrage is where you can take advantage of a mispricing in a otherwise well-developed system architecture
and make a pure profit.
This was a poorly designed system
where they had a lot of reliances,
a lot of assumptions,
and that's what allowed this hacker to take the money.
There's a reason why you can't just take a 3x long position on DYDX
or you can't just borrow a lot of money through compound
and manipulate dex prices and make away with a big profit.
The reason being that flawed software,
relied on very thin markets for oracles.
And that to me seems like irresponsibility on the behalf of the creators of the software.
And so when you think about an arbitrage, it to me seems like, you know, the market, the participants
might be acting irrationally.
Here, the system itself was broken and was exploited and a chink in the armor was used to
make a fat profit for this attack.
hacker.
I mostly agree with what you said, but at the end of the day, these systems are economic
and financial systems.
And there's always an attack vector that is mostly financial, especially as defy is a
bunch of Legos or composables.
And when people design one protocol, a lot of times they design for the worst-case scenarios
and stress tests that protocol in a silo, in isolation from everything else that can come into that.
And the minute we introduced flash loans, we're basically creating a series of traits that are automated into one transaction
that not always can be predicted or simulated when people design these protocols.
And there's also a time difference between the day that a protocol is shipped and goes into main ed after it's been audited and all the other protocols that get introduced into defy.
And I think that is really a lot of the protocol risk as it is more distinct than the entire market risk of defy.
That's how I think about it, to be honest.
Interesting. Yeah. So the way I see this, and then this comes to another debate people are having on the internet, which is, are flash loans the culprit here? In a flash loan list system, one without flash loans, do these mistakes, arbitrages, blah, blah, blah, exists. And fundamentally, from the math of it, if you take the same attackers and you have them, instead of flashloaning 7,500 eth in the beginning, they're just extremely.
wealthy and they started off with 7,500. They still make the exact same transactions and they make off
with a massive profit. There's no fundamental new thing that a flash loaner, uh, loony, I guess, a flash
borrower, uh, can do that someone with 7,500 Eath initially can't do as well. Um, so that to me calls into
the question, the notion of like, whether these flash loans are the culprits here, because
Vitalik could have, you know, made this trade happen with his capital as it is today.
So one, I don't think the flash loans are the culprit in this, but we do have to be cognizant of the fact the flash loans basically lower the barriers for such an attack because you don't have to be someone who has to get financing or hoard all these coins in order to start an attack like that, right?
So a lot of different people are now incentivized to try similar attacks, not necessarily on BZX, but in other protocols that I think are just as vulnerable without needing all that cash.
Yeah, absolutely.
I think that's fair.
Yeah, well, actually, one thing that I was going to actually ask you later, but let's discuss it now, is that because actually this comes up in a pretty big.
way also later in the week, which we'll get to that later. But I just wondered in this scenario where
you're kind of like democratizing these sort of hacks so that they're not just limited to whales
who have that capital to pull that off. Do bug bounties still make sense? Do you know what I'm saying?
Like if I realize that there's this vulnerability in a protocol and, you know, maybe I wouldn't be
able to profit from it in the way that I could have without a flash loan, but I can, you know,
at least get some money from the team itself. Like in this world where you have flash loans,
does that kind of change the incentives? Yeah, I think what's interesting here is that, you know,
maybe the bug bounty size might have to increase. So if you look at BZX, their, their largest, you know,
reward for catching a bug was 5K. And compound, it's in the hundreds of thousands.
And so if you look at comparable platforms to BZX, they have much higher bug bounties.
I think that's one way to do it.
But the main thing is now this attacker has like, maybe, you know, they're not traceable,
but they have a lot of money that they have to launder.
And if you can have a bug bounty, or maybe even like a Dow that will pay out people to find
these exploits.
And then this money isn't, you know, like, like, you know, illegal money.
if it is from the beginning something people can use,
like pay taxes on,
and they don't have to sit on this black money essentially.
It is much easier.
So to a certain extent, yes,
you can look at a purely rational actor
and say that, okay, they'll make more money from a hack
than they will from getting a bug bounty,
but I think that the money isn't the same.
money you got from a bug bounty is much easier to deal with.
Okay.
Yeah.
You know what?
Let's actually just talk about this other incident then now that happened because
the amount that the BZX team is willing to pay in bug bounties is potentially another
issue here.
So essentially on Thursday, one inch exchange, this is the Thursday after the two attacks,
one inch exchange published a blog post in which they said that back in January, they discovered
a bug in Fulcrum, which is the lending part of, it's the same team actually as BZX, but it does
loans that would enable $2.5 million of user funds from three different pools to be stolen
in a single transaction. And in their blog post, they alleged that they had given the information
of Fulcrum and had even offered to White Hat hack the contract to protect the user funds,
but that Fulcrum had instead chosen to leave the funds vulnerable while
deploying a fix and that that whole thing took 16 hours.
And in the blog post, this whole...
Right.
And so, yeah, then they go into this thing with the bounty.
But actually, before we do, before we talk about the bounty, I just want to let you know,
like, what, so what do you think of what happened there?
Do you think that Fulcrum should not have left user funds vulnerable for 16 hours,
that one inch exchange is right?
Or do you think the opposite?
Well, I think if we leave BZX for a second and not make them like the ultimate arbitrator of what the right bounty is, let me just take you back like eight months to June of last year when a white hack happened on synthetics.
And I think they hacked about $750K, returned the money and got a nice bounty, no scandal, nothing.
And the team was willing to pause the entire protocol and rethink the flaw that they had.
VX wasn't as willing to pause the protocol and basically left all their pools susceptible to any attack for 16 hours.
But I think the macro environment of DFI has also changed in that time interval because right now,
pausing a protocol on DFI has a huge reputational risk and could affect further liquidity of different dependents and contracts built on that.
I feel like we don't really know enough or I don't know enough to make a judgment call there,
but there was a complete lack of transparency on BZX's part throughout the entire hacks and the vulnerability since January.
Zubin, do you have an opinion?
Yeah, I think that, I mean, it's a hard call to make, you know, if you're a founder and you have $2.5 million of user funds.
And the question comes down to, do you want to risk the reputational risk for your user's benefit?
And I think, you know, as an ethical business, you know, or even just an ethical smart contract creator, the question is, do I care more about my own reputational risk?
Or do I care more about my, you know, my users?
And I think in the long run, it pays to care more about your users, even if you're, you know,
are a selfish actor, right? And so BZX has seen that the reputational damage that they've taken
by not, you know, trying to cut corners and not take users concerns us seriously. Far, far, far out
shines or, sorry, is far greater than the amount of reputational damage they would have taken
had they stopped the protocol, done a very responsible thing, and had a lot of community
outreach. Because this community is, to a large extent, highly technical. Understand,
there's risks with these protocols, understands that sometimes there will be hacks and is very
forgiving, I think. And so I think it pays to care about your users and to be ethical in a business like
this. Yeah, earlier when you kind of at the beginning of your answer said, like, you know,
should they care more about their reputation or their users? I was like thinking, well, when you
build a reputation is to care about your users.
So like they're the same thing.
Exactly.
Yeah.
So let's go into now the bounty part of it, because that's kind of, you know, where we were
headed before.
But that same blog post that one inch exchange published gave this kind of actually very
long recounting of the back and forth over whether or not full chrome should pay them
a bug bounty for the work.
And there was this whole other thing too where like they kind of wanted to hire them.
for an audit and they were bickering over the fee.
And anyway, so one of the screenshots from the back and forth included somebody from
BZX saying that they had a bug bounty program, but it's only for bugs that are disclosed
confidentially by email.
And the block then published an article where they interviewed BZX founder, Kyle Kistner.
And he said that they had, quote, agreed to pay one-inch exchange a bounty.
even though they violated our disclosure policy by publishing the vulnerability to the public.
And I tried to figure out from the blog post.
It wasn't super clear, but it looks like the amount they finally agreed to pay them was $3,500.
And they also said that they were planning to publish a postmortem at the end of February
and that the industry standard for disclosure of such vulnerabilities is 90 days.
So what's your opinion on how these types of?
bugs should be disclosed and how, you know, people who find these vulnerabilities, how they should
be rewarded? Well, I think it's pretty clear that the one-inch exchange folks found this pretty quickly,
right, or early on compared to these later attacks. And what that means is someone else,
someone else who's technically competent is also going to find out about this bug, even if it's
patched. You know, the history is public. And so,
So I think a 90-day disclosure policy, maybe that's, I'm not as familiar with that, but maybe that works in a closed source environment, but in an open-source environment where you're non-custodially dealing with user funds, people are going to find out about this stuff.
And so I think it just pays.
It's just smart to care about your users, be as upfront as you can be.
Everything is open-source.
There's really nowhere that you can hide.
And I think that, you know, people care more that they don't want to see someone who's, like, flawless, right?
We've seen problems before in Ethereum, and yet the Ethereum community hasn't left after things like the Dow attack.
And, you know, people still believe in parity, even after the parity wallet, multi-sig incident.
And synthetics is a similar example where this white hat found an exploit, and that was done in a way that the synthetic
community hasn't left. So to me, disclose it, be honest, be upfront in an open source environment
where we're all trying to work towards similar goals. It just makes more sense to be forthcoming.
I'll just add that I thought it was like megatrol the one inch because the post-morning that BVX
published this week, they did come, they were very affront about the fact that they didn't have
transparency on their mind and they
promise going forward they're going to be more
transparent and disclose more and then the one inch
block comes out and turns out that all the BZXT wanted was
no one to be aware of these plots.
And probably going forward
disclosures of
exploits and vulnerabilities are actually going to be
rewarded. A, two, I think we're going to see an
usurp in people buying some insurance contracts.
Nexus Mutual is probably going to see a surge as well as default swaps.
For people trying to just protect themselves in the possibility that we're going to see more
of these.
And what do you guys make of what the bounty should be?
Like, you know, this argument they were having about the fee.
You were, you know, you kind of mentioned earlier.
that I guess was it compound or D.YD.
I think it was compound you said has a much higher bounty fee.
Like, do you think that BZX should have had higher bounty fees?
Yeah, I mean, when you start to have lots and lots of user funds on the line, you want to just be safe.
It's not like the bounty is something that you're using for the benefit of, like, humanity at the expense of yourself.
A bounty is to make sure that any exploits are done in a white house.
way. And so you can imagine that if the bounty was closer to $300,000, the first attacker wouldn't
have made the attack because they would have gotten this money in a much more ethical way and a way
that where they can, you know, in an illegal way. And they're not in kind of any, any place where
they have to hide these new funds. And so it's not even should they be higher from a moral point
of you, I think, like, rationally, they should be higher, too, right?
And that's why bug bounties exist in the first place.
I was actually thinking this week how smart, or at least in the slogan or the naming,
a protocol like Uma was very wise to create or design their entire protocol where they have
a cost of corruption for their oracles, thinking how much would it cost for someone to
lie or to distort the price in one of the oracles that they use.
And that's really...
Maya, can you just remind us what UMA is?
I have actually talked to Hart before, and I'm just blanking on what UMA does.
Uma is another synthetic protocol.
I think it's called Universal Market Access.
It's an acronym for that.
And they make use of oracles and price them as like the cost of
corruption. That's literally how they branded it. And I was thinking this week that's actually
kind of a similar take, but in a different creature or a different animal to bounties, because they're
kind of saying, hey, suppose you want to buy out all our market participants and give them an
incentive to lie. How much would it cost? And that's one form of bounties, right, because they're
basically saying we're going to pay it up to the oracle. So they don't have a reason.
to exploit our protocol.
It's a different twist on the same problem.
Yeah, that's super interesting.
And actually, I also want to pick up on what Zupin mentioned,
because he used words like legal and ethical,
or rather illegal and unethical to describe these attacks.
But actually, before we do that,
let's first get a quick word from the sponsors who make this show possible.
Will the world follow France and advocate banning privacy coins?
Will government-backed state?
Cable coins become the new fiat? Are distributed and peer-to-peer exchanges just a flash in the pan?
The answer is maybe. Virtual currencies can flourish and create a new, private, and more versatile
economy. But that grand vision can't happen without keeping crypto clean. And that requires
support of governments and accountability for bad actors. Privacy enhanced compliance using
cryptographic controls has the potential to preserve anonymity without compromising legitimate
investigations. CipherTrac is working on this vision of the future. Sign up to stay up to date on
the Privacy Enhanced Compliance Initiative and receive authoritative crypto-aML reports quarterly.
www.cifertrace.com slash keep crypto clean.
Today's episode is brought to you by Cracken. Cracken is the best exchange
in the world for buying and selling digital assets. With all the recent exchange hacks and other troubles,
you want to trade on an exchange you can trust. Cracken's focus on security is utterly amazing.
Their liquidity is deep and their fee structure is great with no minimum or hidden fees.
They even reward you for trading so you can make more trades for less. If you're a beginner,
you will find an easy on-ramp from five Viat currencies. And if you're an advanced trader,
you'll love their 5x margin and futures trading.
To learn more, please go to crackin.com.
That's KRAK-K-E-N.com.
Why should you get an M-C-O-Visa card from crypto.com?
First, it's a beautiful metal card.
You can top up the card with crypto and spend anywhere a visa is accepted.
You also get up to 5% back every time you spend
on all spending including your morning coffee, gas, or even a new phone.
You know they'll pay for your Spotify,
and Netflix too.
You'll love the unlimited airport lounge access and interbank exchange rates if you travel a lot.
There are so many cool perks loaded in one card.
Download the crypto.com app and reserve yours now.
Back to my conversation with Maya Zahavi and Zuban Kotica.
So Zubin, before the ad break, you mentioned that you felt that if the bounties on BZX had been
higher, that then the attacker would have...
have gotten paid for, you know, understanding this vulnerability in what you called illegal
and ethical way. So does that mean that you think the attack was illegal and unethical?
So I think I'm, you know, I'm not a lawyer, but I know that this is in many, many ways
trending towards the illegal definition. So what we see in traditional finance is that
there are oracles everywhere. People in Defi who are not necessarily a
familiar with traditional finance may not realize that, but things like LIBOR are used as
oracles to determine interest rates. And wherever you have this massive, massive, massive pile of
derivatives in traditional finance, you'll have things like cash settlement, which determine how much
money both sides of the trade make based on an Oracle. And you have things like mark to market.
So there's oracles everywhere in traditional finance. And it's quite,
quite illegal and quite possible in traditional finance to make money by manipulating oracles
in one direction or another in ways that are very similar to these attacks. And so maybe Defi as a
system comes from a certain ethical mentality that code is law or that this is just arbitrage or
that these systems are poorly written and so breaking them may not be unethical. That ethical and
unethical question is a little bit different, but I think what is very, very clear is that it is
illegal from many different points of view, and that regulators would have no hesitancy in going after
something like this and would have many grounds by which to go after it. I think the other thing,
you can just look at this as a defaulted loan, right? And a defaulted loan on BZX, because for, you know,
especially the first attacker takes out a massive leverage position.
The second attacker also takes out a massive loan,
and both of them are essentially under collateralized,
and so they've defaulted on their debt,
and that has legal repercussions as well.
So I think there's just so many different ways
where you can look at this as not necessarily in good legal territory,
but in the ethical question,
I think that is more interesting and a little bit more up for debate.
first off not a lawyer but if you consider the entire defy to be a cake a layered cake right of all these composable contracts that have no kyc no aML issue all these securities and futures and synthetics without any jurisdictional purview or um and our unregistered securities for de facto then just having this one trade in an oracle and disfactor securities for de facto then just having this one trade in an oracle and
sorting an Oracle is just the cherry on the top. And if anyone were to look at the legality of
that trade, the first culprit is going to be the protocol. And the trader is not going to be
someone, any regulator is going to pursue. And you can see that if you look at the ICO
enforcement, who they chose to prosecute, right? And I think that kind of maybe
diminishes how illegal this trade is in comparison to traditional finance.
But again, I just don't consider it to be something illegal.
I think there was, there was an opportunity here based on how these protocols were designed,
and someone just saw an opportunity and took it.
He outsmarted the game.
That's it.
And that's also my opinion on whether or not it's ethical.
And I do agree that maybe disclosing this as a white hat might have been the smartest and more responsible way.
But when we saw the one-inch post on Thursday, that kind of signal to me that, hey, even if someone were trying and maybe they had been in contact with the BZX team, the fact that it wasn't disclosed and there wasn't any transparency maybe meant that the only way to surface this vulnerability was by actually attacking it.
Well, yeah, well, actually, just zoom in to kind of ask you a little bit more about your point that you made there.
Like, so what jurisdiction do you feel like would, you know, would this attack fall under?
Is it just like wherever the attacker resides or?
And I know you're not a lawyer, but I didn't know how much you thought this through, but that was something I wondered about.
I mean, I think what's interesting about regulators when it comes to, especially American regulators, when it comes to finance, is that even if things aren't happening on U.S. soil, if the dollar is involved, if it ever touches the dollar, they take extremely big liberties with taking it under their jurisdiction.
And I think for the second attack at least, you have the S-USD, so Synthetics U.S.D stable coin.
And there's an argument to make there that regulators can go after that because it's touching the American dollar, right?
And American regulators to speak.
I'm not sure if any regulators know much about SUSD.
Yeah, I'm sure they don't right now, but I'm sure within a few years.
I would agree with that.
That is true.
I've actually had a bunch of, well, I'm not going to say, but just regulators have told me that they do listen to the show.
So I agree with Zubin, but I'd say that the only regulators that really matter are the Americans.
And it has nothing to do with whether or not someone touches the U.S. dollar.
Because you can see that any regulatory jurisdiction that respects herself or considers itself as a first tier
is always going to make sure that their regulatory enforcement is on par with the American one.
and you can see it in all the discussions, the FATF regulations as well, as FATCA and different since and directives.
I think Switzerland might feel differently.
But, yeah.
I said, I think Switzerland and a bunch of other havens might disagree, right?
But I think, I think to a large extent you're right, right?
I think that America has been able to, to a certain extent,
exert influence across every regulatory paradigm in finance.
Yeah, and they definitely did that in Switzerland in a big way where they, you know,
kind of forced more transparency so people could, yeah, couldn't hide funds over there.
All right.
So here's something that we have kind of talked a little bit about, but I just want to ask about it
directly.
So, you know, now BZX essentially has under collateralized loans on its hands.
So how do you guys think BZX should handle the situation?
Well, so I think that the fact that there's been two successive attacks, and this is kind of a chain, right?
So first you have Sam CZ Sun coming up with an Oracle exploit, and then you have the one-inch team coming up with another exploit,
and then there's two successive attacks on the protocol that leave it devoid of funds.
And when there's that many problems happening in a row, to a certain extent you can come and put a fix.
So you say, okay, the Oracle is going to be through ChainLink.
And that's what they're doing right now.
They're trying to change the oracles to something they feel will be safer.
But I think more fundamentally when you have such a successive set of problems that are happening with a protocol, I think much more drastic action needs to be taken.
and that's my personal view,
whether that's like going through a set of rigorous audits
with multiple independent auditing firms like Open Zeppelin, etc.
That's one way to think about it.
Or maybe just rewriting the whole protocol
or maybe just shutting it down.
I mean, they have admin keys that allow them to pause the protocol.
I'm sure they could find a way to return user funds.
But I think,
Some drastic action needs to be taken.
Maya, what do you think?
One of my most intuitive takeaways that occurred to me as a result of this attack
was that I think we're going to see more protocols put in circuit breakers, which are,
we have them in traditional finance, where if there's a drop or a spike in a price of an asset,
I think it's over 7% on the NASDAQ.
they stop trading for an hour and then resume trading
and if they see another spike, they just end the trading for the day.
And given the fact that crypto is a 24-7 trading venue,
maybe we're going to see more protocols build in circuit breakers
within their own collateralized lending mechanisms
so that if for a second they're under collateralized,
they're going to pause the trading, they're going to rebalance
from their own equity maybe and only then returned to normal operations.
That's one.
And second, I think we're going to see an increase in financial audits as well,
like Gontlet Network did on compound, just to stress test how these protocols behave in extreme
scenarios.
And more likely than not, some of these scenarios are going to be combining different
composable products into a single trade and look into Oracle manipulations as well.
So I think that's going to be a growing feel for auditing that's going to become more and more
popular and hopefully will also become the default, just like code audit is.
So one argument that I have heard about circuit breakers in crypto, and I'm not super
familiar with this area, but I did hear that because,
crypto is so much more volatile and there could be legitimate reasons that a crypto, the price of
a crypto asset could fall precipitously in a short span of time or potentially even spike,
that circuit breakers don't always make sense for these assets. So what do you make of that
argument? I agree. I think you have to really think through when or in what trades you're going
want to do that or maybe even have very extreme kind of spikes in the prices for you to trigger
a circuit breaker. But then you see that in both of these attacks, that's exactly what happened, right?
I mean, the synthetic USD doubled on a stable coin. That should be a huge head scratcher for that.
So that would be one of those extreme events in my view. And Subin, do you have an opinion?
Yeah. I think that, I think that, you know, some of the
the points my brought up kind of highlight how this could have positive impacts for the community right we're going to have
people more careful about oracle risk we're going to have people doing financial audits they're going to
design systems with this kind of cost of corruption approach where they assume maybe an infinitely funded
rational adversary rather than making much lower assumptions on on kind of the the power of their
adversaries. And you're going to also see, and you're seeing this right now, money is going to go
from protocols that are maybe a little bit less secure to ones that are more secure, ones that have
been more well tested, more well audited. And I think like all in all, no one is going to come
and defy and going to make like this Khyber mistake again, where, or I hope so, that no one is
going to, people are going to at least be very cautious when they think of Oracle risk in the future
and when they think about flash loans and adversaries in the future. And I think that just
leaves the system way more powerful and resilient in the future as well. Yeah. And just to go back
to my previous question about what BZEX should do, I did see that Mateo Leibowitz of the block
suggested that they do what he called a graceful unwind because he noted. He noted,
that the BZX team had suggested that they would like use the collateral left by the attackers
for interest payments and basically wait until their insurance pool is big enough to cover this
shortfall. But he he was like, I'm not sure they're going to have the money to cover the shortfall.
So, you know, it's like essentially what I'm asking here is do you think that in a way
these attacks are more like a referendum on BZX, that it's more like, hey, this team, you know, is not up to,
to the standards that we need in this community?
Or is it, you know, something where it's like it could happen to anybody?
So first off, I don't think, I think BZX is the outlier and they've helped bring attention
to a risk that it exists across DFI, right?
I think other teams are just a lot more responsible and they undergo vigorous audits and
they check to make sure that they have.
underlying liquidity to make good with their users if something happens.
But more important than that, you have to keep in mind that BZX didn't lose any of the
users' funds, right?
They're all perfectly safe.
What happened was that the synthetic coin that BZX uses has no liquidity.
And a lot of the users that hold that can get out of their positions due to that,
due to the fact that they're locked and no one really, there's no demand for BZX right now, right?
I just looked on the site today and they are offering a 49% APR right now.
And the thinking is, if the community loses trust in BZX, how are the users that still have funds
they're going to unwind their positions?
And that also goes back to a comparison to traditional finance where any lending entity has to have segregated accounts where they have their own nostro from which they can use in case of such an occurrence.
And we don't necessarily see that in defy.
We do see that with exchanges like finance, right?
So maybe one of the lessons from this incident will be the protocol
will put aside some money to make good with their users in such an event.
Yeah, I think it's interesting.
So, you know, when you think of loss of funds and like no funds were lost,
I think there's two ways to think about that.
The first is, it's true, no one, they didn't go into the BZX protocol and steal some
that were there. But you can think of a protocol losing funds as well from a financial point
of view. So if a bank, you put a bunch of money on a bank, you deposit some amount of money to a
bank and then they go and make a loan that gets defaulted upon and then they can't give you
necessarily all of your money back if you try to take out all your money at that moment.
To me, that's a loss of money. So a massive kind of irresponsible loan.
that gets defaulted upon is a loss of money in a bank context.
And I think in the BZX context, there was a loss of ether funds
because there were two massively undercollateralized
slash liquidated or kind of liquidation,
massively under collateralized positions in the BZX protocol itself.
And so the protocol made massive, irresponsible, defaulted loans.
And in that way, since people can't take all their eth out right now, to me it feels like a loss of funds in the financial context.
Yeah.
Well, I guess we're going to just have to see what they decide to do.
Clearly, it's not a good situation for them or their users.
But let's talk about another solution that they plan to move to, which is that they do plan to integrate chain links.
as you mentioned, which is a decentralized Oracle network. And they say that they plan to integrate
this quote as a supplement to the Khyber price feed to provide time-weighted information on
price data. And then they said, even though this was not an Oracle attack, there were many that
expressed concern that the security properties of our Oracle could be more robust. So how much do you
think this is going to be a solution to prevent attacks like this in the future, both on
BZX as well as more generally in DFI?
Yeah, so I think that the chain link kind of solution that BZX is talking about does
help to a certain extent with some of the Oracle problems that are existing right now.
I'm not as familiar with the chain link system itself, but for all the Oracle class of
attacks, not merely relying on Khyber or illiquid dexes seems to be a prudent move.
However, I think that there are flaws beyond that in BZX's processes that they've kind of admitted.
You know, we have had flaws in our processes with their disclosure, maybe with their security,
with the way that they respond to existing bugs, et cetera, et cetera.
And so an example of this, right?
So they have a kind of pause mechanism by which they've paused the protocol right now.
and if you look through what they've said,
they've said they didn't even realize they had that pause mechanism.
That means that they've written code
and they didn't know that it allowed them to pause the entire protocol.
And to me, it just seems like you go,
the more and more and more you look into this,
the more you realize like, okay,
they've tried to build something cool,
but maybe they haven't done it in necessarily the right way.
And an Oracle fix doesn't solve
these cultural issues
honestly I was really skeptical
when they said that
like it seems to me that they would know
if they have access
and an admin key
because someone had to issue an admin key
exactly
if they knew they had an admin key
that could pause the protocol and then
lied about it that's bad
if they created a protocol they didn't know that it allowed
them to pause the entire protocol
that's also like not so good right
So there's bigger problems
It does defy logic though
It somehow doesn't seem like that would be possible
Like you would know if you could do that
But anyway, all right
So this came up a little bit earlier
But
You know obviously Nexus Mutual is something that we did talk about briefly
But let's just dive into this insurance issue
A little bit more now
So Nexus Mutual, which is the Ethereum-based insurance against smart contract failure, did pay out its first claims after the BZX attack.
And the first person to make a claim was denied actually initially by seven of the eight assessors, but only because it was filed very shortly after the attack when there was little information available about what exactly occurred.
Eventually, however, they did decide that this was a smart contract bug.
and that the smart contract code was used in a way that was not intended.
So do you guys agree that these claims deserve to be paid out?
I think so.
I think that these claims should be paid out because I think that when you're dealing with a financial system,
when you talk about insurance or think about insurance,
you're not just thinking about unintended code usage.
You're not just thinking about hacks, right?
It would be bizarre if FDIC covered you only if there was a hack in the bank system and not a financial crisis, right?
And when we think of these risks, we think of insolvency as like the first one.
We think of if the protocol somehow irresponsibly uses my money and loses it, how do I get it back?
Maybe it's not because of a hack.
Maybe it's because of some other massive problem or liquidity crisis or whatever.
And so I think that any insurance, and of course, full disclosure, I'm building open, which is doing exactly this.
Right. I should have mentioned that when I asked this, but anyway.
Yeah, because you guys are doing the financial coverage as well.
Exactly. So our idea is that you want to cover everything. You want to cover financial problems.
You want to cover liquidity crises. You want to cover like Oracle manipulations. You want to cover everything that you can.
including the technical problems, the hacks, the exploits.
And to me, it seems like if you're using Nexus Mutual right now,
I can imagine you're relieved about the first one paying out,
but does the second and does do further attacks that come down the line,
are they going to be paid out?
And you're scared, like, what if I fell my claim too quickly?
What if I need the money really badly and I have to wait for this claims process?
to me it seems like if you have a decentralized permissionless system, insurance should be
decentralized and permissionless.
And I think the Nexus Mutual team is like extremely strong, very smart, but I think until
you cover financial risks, like these flash loan type of lists by well-funded adversaries,
until then you don't have comprehensive insurance.
So first of all, I want to like, I think we, like, Nexus Mutual deserve a huge kudos because I think it was
very impressive the payout and the claim and everything that happened this week. Having said that,
I think there's some lessons to take away from that. Number one, that it wasn't smart to
immediately vote on that claim. But on the other hand, there is a liquidity issue for people
who have funds stuck or pause on that protocol that even if they do receive a claim, they might
have, they might be short on other assets that they need to pay out, right? And so,
So maybe we need to think about insurance, especially about smart contracts, slightly different,
maybe provide some sort of funds in the meantime before that claim is resolved and create some
mechanism to allow people to access other funds until they know whether or not they're going
to receive the money from Nexas Mutual.
Having said that, the default or the case of insolvency that's due being mentioned is something
that we can prepare, but I believe that when we have a default on DFI, there's going to be a
huge domino effect that could have ramifications on the underlying assets themselves, which in
DFI's case is essentially the EIT or the EAR and protocol, right? If you really think on the
abstract, you can imagine that DFI is essentially financialized instrument.
where the underlying assets are always
Ethereum that's being locked up, right?
And we haven't seen a huge slippage on that.
We have seen funds stuck,
whether it was the parity hack
or if it was right now it was BZX or synthetic.
The domino effect is the systematic risk
that I find to be the most disturbing in this market.
And I don't necessarily think that just
that just having a credit default swap is on chain would be enough to cover it because it's also
going to succumb to the underlying protocol and the flip in EAT if there is such a black swan
event.
How we're going to adjust to add in the community, I think is going to be tested because
like we started this conversation, we have a huge bounty in defy to experiment and find out.
Yeah, I'm a little bit nervous as we go forward because I feel like some of these issues are not super resolved and Defi just keeps getting bigger.
I'm the token skeptic.
And to be honest, this week I'm actually happy because I think all these risks were there from the get-go.
And people kind of like just covered it up or were quiet and didn't discuss it in great detail.
And the fact that we had this series of events over the past week actually,
makes the conversation and the debate, it brings it up a level so we can actually
discuss and see how best to design the right system so we can go forward and build this into
a real financial market. So I'm actually optimistic. Yeah. I think this has been really good
for the ecosystem. I agree. I think that people are now waking up to the risks that are
there in D5. Kind of to your point earlier, my
You were talking about credit default swaps.
I agree.
I think credit default swaps don't work at all because you need some kind of Oracle to determine
if there was a hack or not.
I think a solution that doesn't require any human intermediaries is the best.
You're right that protocol level issues still exist, right?
So if you're building a defy insurance, there's going to be some reliance on ETH because
if ETH crashes to zero, then, you know,
there's basically no consensus that can happen.
And even things like mining start to break down.
But I think that you want to cover as much of the risk as you can.
And I think that the way we've done it, which you can, you know,
read about more at open.com is much better.
But, yeah, I think that this is really good for the ecosystem in general.
Okay.
All right. Well, we will see how the various teams in Defi incorporate the lessons from this. And whether or not we see any similar attacks going forward, hopefully not. But yeah, I'm going to have to keep my fingers crossed, I think. All right. Well, where can people learn more about each of you?
Well, so yeah, to learn about how we do insurance, we'll be talking about a lot of that in new blog posts that are coming out, but you can go to convexity.open.com, opy, n.co. And you'll read exactly how our protocol works. That's where our white paper is. And how do you do trustless, completely decentralized insurance that covers both technical financial risks?
Maya. And you can follow me on Twitter at Myazi.
And why don't you just spell that for people?
Sorry, M-A-A-A-Z-I.
All right.
Actually, can I ask you, why do you have a pizza slice in your Twitter?
No.
Name.
And it said, by the way, people, it says D-P-P-I.
D-P-I, Laura.
How do you not know about the joke was that none of, and this started out as a troll,
and it's actually related to this whole conversation,
that the entire D-Fi is not decentralized.
It's as centralized as a pizza.
right? You have all the topping scattered, but at the end of the day, you always have an admin key. So it's a pie. It's not a defy.
Okay. And a pizza is centralized because it's like, it's just like a single object? Okay, got it.
Yeah. And there's also, FYI, there's also a depyin podcast about the best pizza and how fast pizza.
centralized it is. I kid you not.
Wait,
Deep Pyte, like not...
That's my chain with self-motion.
Even just like,
oh, DePiant, that's your own? Okay.
Is that your own podcast?
No, it's friends. It's how we started out the troll for the Deepi.
That's so funny. Oh, I see.
All right. Well, I guess we'll have to check that out. It sounds funny.
Yeah. And probably relevant here.
All right. Well, thank you both so much for joining today. This was
like an amazing discussion.
And yeah, I have a feeling people will have feelings about what you guys said.
All right.
People to learn more about Mayan, Zuba and the BZX attacks, check out the show notes inside
your podcast player.
And whether you're feeling this crypto winter or the other kind of winter,
keep yourself warm with some unchained t-shirts, hats, mugs, and stickers,
which you can find at shop.
uncined.com.
Unchained is produced by me, Laura Shin, with help from fractal recording,
Anthony Yoon, Daniel Nuss, Josh, Josh,
and the team at CLK transcription.
Thanks for listening.