The price of tokenized bitcoin briefly fell to $4,000 on the Ethereum-based crypto broker Kyber this Saturday, as pictured above, after a skilled coder manipulated the price using flashloans.
The haxor sent WBTC’s price, which is kind of pegged to BTC’s price, down by $6,500 from circa $10,500 while holding a short position on the trading platform bZx, with all of this visible on the blockchain.
The intentionally induced crash was temporary, with it returning to just above $10,500 a few hours later.
Some volatility followed, with WBTC’s price spiking to close to $13,000, perhaps due to a copycat. It then trended lower to the current price of circa $9,800.
Flashloans, as you might know by now, allow you to flash borrow in a way that leaves the lender certain of being paid back, because the network does not execute the flashloan smart contract unless the funds are returned by the end of the operation.
The network basically checks in real time whether the code does return the funds, and if it does, it completes the steps stated. This allows someone with no money whatsoever to complete a monetary operation.
In this case the borrower did so to market sell tokenized bitcoin on the fairly illiquid Uniswap broker dapp, which Kyber uses as reserves.
The bZx dapp uses Kyber for its derivatives price feed. So the haxor shorted on bZx and then market sold on Uniswap, which affected Kyber’s price, and so profited from the short.
He could, of course, have gone long instead. So rather than shorting he could have longed, and rather than market selling he could have market bought.
It’s not clear, however, which would have made him more money, or whether he thought about longing at all.
Now bZx is to use numerous price feeds, so that manipulating one exchange or broker doesn’t affect the derivative’s price, or at least not as much. But really, this flashloan operation is probably the best thing that could have happened to this dapp or any of the other related dapps, because everyone now knows about them.
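Why several price feeds blunt this kind of move can be seen in a short sketch. The Python below is an added example, not bZx's or Kyber's code: it models the thin pool as a fee-free constant-product pool (the pricing rule Uniswap uses), and the function names, feed names, reserves and quotes are all constructed for illustration.

```python
from statistics import median

def spot_price_after_sell(reserve_wbtc, reserve_usd, wbtc_sold):
    """USD-per-WBTC spot price of a constant-product (x*y=k) pool after a
    market sell of wbtc_sold. Fees are ignored (simplifying assumption)."""
    k = reserve_wbtc * reserve_usd
    new_wbtc = reserve_wbtc + wbtc_sold
    new_usd = k / new_wbtc          # the invariant fixes the remaining USD side
    return new_usd / new_wbtc

def aggregate_price(feeds, max_deviation=0.05):
    """Median across feeds, plus the names of feeds that sit more than
    max_deviation (as a fraction) away from that median."""
    if len(feeds) < 3:
        raise ValueError("need at least three feeds for a meaningful median")
    mid = median(feeds.values())
    outliers = sorted(name for name, price in feeds.items()
                      if abs(price - mid) / mid > max_deviation)
    return mid, outliers

def compare_single_vs_median():
    # Constructed pool: 100 WBTC against 1,050,000 USD, i.e. $10,500 per WBTC.
    thin_pool = spot_price_after_sell(100.0, 1_050_000.0, wbtc_sold=62.0)
    # Constructed quotes from two venues the sell did not touch.
    feeds = {"thin_pool": thin_pool, "venue_b": 10_480.0, "venue_c": 10_510.0}
    mid, outliers = aggregate_price(feeds)
    return {"single_feed": thin_pool, "median": mid, "outliers": outliers}

if __name__ == "__main__":
    print(compare_single_vs_median())
```

The median only holds if the feeds are independent: two feeds that both draw on the same thin pool, as Kyber does with Uniswap's reserves, count as one.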
The trick is obviously to make the hack not look like marketing. If it is suspected to be so, it obviously wouldn’t be covered because F black hat marketing, but in this case it appears some very clever guy just took advantage of some very new thing that has now bought him a