bZx, a cryptocurrency company, announced on Friday that a hacker stole millions of dollars in various currencies after one of its developers fell for a phishing attack.
Photo credit: TechnoGrinder | Twitter: @TechnoGrinder
The decentralized finance sector is expanding at an alarming rate. At the time of publication, the total value locked in DeFi stood at more than $250 billion. However, there is a downside to this ever-expanding ecosystem.
The DeFi sector lost approximately $240 million in the first four months of 2021. These are only the cases that have been made public; the true loss estimate could be in the billions of dollars.
A widely used protocol, DeFi protocol bZx, is currently trending in the news. For all the wrong reasons. This Ethereum and Binance Smart Chain-based protocol was hacked for at least $55 million.
The Ethereum deployment, governance, and DAO treasury were unaffected because the private key to bZx’s Ethereum deployment was secured by a multi-party contract and governed by a DAO.
SlowMist, an outside security firm, estimated the total haul at $55 million, according to The Block, a cryptocurrency blog, on Friday.
“Roughly 25% of this figure is personal losses from the team wallet that was compromised,” bZx tweeted.
According to bZx, the breach began with a phishing email sent to a developer’s personal computer. The email contained “a malicious macro in a Word document disguised as a legitimate email attachment, which then ran a script on his Personal Computer, resulting in the compromise of his personal mnemonic wallet phrase,” according to the company.
On Friday, around 8:30 a.m. EST, the company received a series of alerts about suspicious activity, including a flagged wallet. The wallet of the hacker was tracked by the company. It published a list of balances and a few transactions on its blog.
The wallet contained approximately 25% of the stated amount. The rest belonged to the users. “Additional information to follow, we are still investigating this incident,” the team stated, adding, “If you have approved any tokens to the bZx contracts on Polygon or BSC, please revoke your approvals ASAP.”
The company stated that it was still attempting to determine the total amount of money stolen. It stated that it was collaborating with law enforcement to recover the funds and track down the hacker.
Furthermore, the UI on BSC and Polygon was temporarily disabled. The Ethereum App, on the other hand, continued to function normally.
‘It was a phishing attack’
Photo credit: iStock
Following this unfortunate event, the developers of the hacked protocol were quick to release additional information in order to keep their users informed. The incident today, according to the team, was NOT a protocol hack. It was a phishing attempt against a bZx developer.
The hacker gained access to the content of the bZx developers wallet, as well as the private keys to the BSC and Polygon deployments of the bZx Protocol, as a result of this attack. The hacker, of course, drained the BSC and Polygon protocols.
This wasn’t the first time this protocol had been hacked. A similar illegal operation was carried out against the protocol last year. It was caught off guard by a margin-lending scheme here. The team later claimed that they had recovered the funds at the time.
Over the last year, projects based on Binance Smart Chain and Polygon have been subjected to a number of attacks. For example, on Binance Smart Chain [BSC], the decentralized transaction protocol BXH was attacked, resulting in a theft of around $139 million at the time of the attack.
Leave a Reply