According to the CoinHolmes, the digital asset visualization platform of PeckShield, the hacker started moving Eth around 03:43 UTC first and then the next movement happened around 04:15 on February 20.
First of all, 1 ETH was recieved from an address starting with 0xb8c6ad and then 2,370 ETH was moved to a new address starting with 0x6b5a. Then there were only 18 ETH left in the hacker’s original address.
The hacker attacked bZx with the address beginning with 0xb8c6ad which maintained to steal 2,378 ETH from the leading protocol. As per PeckShield’s statement, the hacker successfully managed to launder the fund completely with these transactions.
bZx which was hacked twice within a couple of days suffered from a loss of $953,000. The first attacked was reported on February 14 following the second attack that occurred on February 18. The first attack happened at the time; the bZx team was actively participating in the ETHDenver industry event.
The exploiters first loaned 10,000 ETH from dYdX, the decentralized lending protocol at the time of the first attack and then used 5,000 Ether to collateralize 112 WBTC loan through DeFi protocol compound. After that, the hacker transferred around $370,000 worth of Ether, i.e. 1,300 ETH to Fulcrum, bZx’s crypto margin trading platform. As a result, the hacker successfully managed to avail a massive profit of 1,93 ETH that is worth around $318,000.
The detail regarding the second attack is still vague. However, CVO kyle Kistner and bZx’s operation lead implied the attack as an oracle manipulation. The losses stayed around worth $636,000, i.e. 2,388 ETH for the second attack.