How to Unlend Tokens Stuck on Fulcrum: ETH, DAI, USDC, etc.

Robert Vasquez
3 min read · Jul 1, 2020


A second “flash loan” attack on the decentralized lending protocol bZx saw the perpetrator net $630,000 USD in ETH profits. This followed a previous attack on bZx which caused losses of 1,193 ETH.

The second attack on bZx occurred on February 18th, just four days after the first attack. As with the first attack, it led to a suspension of the protocol. Also mirroring the first attack, it exploited flash loans to create a pump and dump via Uniswap.

The attack occurred as follows. First, the attacker obtained a 7,500 ETH flash loan from bZx. They then traded 3,517 ETH for 940,000 Synthetix USD (sUSD). sUSD is a stablecoin that is pegged to the US dollar. The attacker then moved on to using 900 ETH to buy sUSD on both Kyber and Uniswap. This temporarily pumped the price of sUSD to two and a half times the existing market rate.

With sUSD now artificially inflated in price, the attacker was able to use the 940,000 sUSD as collateral on a loan of 6,796 ETH on the bZx platform. With this newly borrowed ETH and the ETH that was left from the original loan, the attacker then repaid the original 7,500 ETH flash loan, taking a profit of 2,738 ETH. The end result was that bZx now held a loan that was severely under-collateralized.

bZx identified the manipulation of the oracle as the source of the problem. Oracles serve as blockchain intermediaries that provide external data to smart contracts. In this case, the oracle conveyed the artificially inflated sUSD price, which allowed the attacker to obtain the under-collateralized loan.
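The collateral check a lender could run against this kind of price pump, as an added example that is not bZx's code and not part of the original article. It uses the article's figures; the minimum collateral ratio, the deviation limit, the price history and the assumption that the 3,517 ETH trade reflects the pre-pump price are all illustrative assumptions.

```python
from statistics import median

# Figures taken from the article.
ETH_PAID = 3_517            # ETH traded for sUSD
SUSD_COLLATERAL = 940_000   # sUSD posted as collateral
LOAN_ETH = 6_796            # ETH borrowed against that collateral
PUMP_FACTOR = 2.5           # temporary inflation of the sUSD spot price

# Assumptions (not from the article or from bZx).
MIN_RATIO = 1.25            # required collateral value / loan value
MAX_DEVIATION = 0.10        # tolerated gap between spot and reference price


def reference_price(history):
    """Median of recent observations: a single pumped sample cannot move it."""
    return median(history)


def evaluate_loan(collateral, loan_eth, spot, history):
    """Return (ratio_at_spot, ratio_at_reference, decision)."""
    ref = reference_price(history)
    ratio_spot = collateral * spot / loan_eth
    ratio_ref = collateral * ref / loan_eth
    deviation = abs(spot - ref) / ref
    if deviation > MAX_DEVIATION:
        decision = "reject: spot price deviates from reference"
    elif min(ratio_spot, ratio_ref) < MIN_RATIO:
        decision = "reject: under-collateralized"
    else:
        decision = "accept"
    return ratio_spot, ratio_ref, decision


# Constructed sample data: sUSD price in ETH implied by the article's trade,
# with small constructed fluctuations as the recent price history.
FAIR = ETH_PAID / SUSD_COLLATERAL
HISTORY = [FAIR * f for f in (0.99, 1.00, 1.01, 1.00, 0.995)]
SPOT = FAIR * PUMP_FACTOR

if __name__ == "__main__":
    r_spot, r_ref, decision = evaluate_loan(SUSD_COLLATERAL, LOAN_ETH, SPOT, HISTORY)
    print(f"ratio at manipulated spot price: {r_spot:.2f}")
    print(f"ratio at reference price:        {r_ref:.2f}")
    print(decision)
```

Valued at the pumped spot price the loan clears the assumed 1.25 ratio, while at the reference price the same collateral covers only about half of the borrowed ETH.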

Faux-Decentralized Platform

As a result of the attacks, Fulcrum decided to freeze the platform, even though it was stated to be decentralized. The freeze exposed that claim as untrue: it is in fact a centralized platform.

The team was equipped to use an “admin key” to shut down the platform at any time.

Concerned lenders on Fulcrum became paranoid and rushed to take out their money, leaving the lending pool dry at 100% utilization, which now prevents anyone else from withdrawing their funds from the platform directly.

Fulcrum showing Incorrect Lending Balance Due to Lack of Liquidity & Shutdown

Unlending using Smart Contract Conversion

A temporary solution was released a few days later by the team to allow lenders to unlend their remaining funds using a smart contract until the platform is fully restored. The smart contract simply converts iTokens such as iETH, iDAI and iUSDC back to their regular form. The single prerequisite is access to the wallet that holds the iTokens through a Web3-compatible browser or wallet such as MetaMask or Trust Wallet.

How to Unlend Tokens from Fulcrum: (iETH, iDAI, iSAI, iUSDC)

  1. Visit Fulcrum’s iToken Conversion DApp to convert your iTokens.
  2. Choose the token you want to convert using the smart contract.
  3. Enter the amount to convert and submit the transaction (make sure to have some ETH to pay for gas fees). Once the transaction is confirmed, the tokens will be visible in your wallet in their original form.

Robert Vasquez
Lover of All Things Crypto. Writer for CCN, ZDNet and TechCrunch