Hacker ‘self-destructs’ $1M loot gained from DeFi exploit

2 years ago

DeFi

The hacker minted other tokens and sold them for a nett earlier crashing the terms of the token to zero.

2 min read

Updated: April 22, 2022 at 1:51 pm

Hacker ‘self-destructs’ $1M loot gained from DeFi exploit

Cover art/illustration via CryptoSlate

It is uncommon for thieves to permission their loot down erstwhile escaping, but a hacker did precisely that aft stealing much than $1 cardinal from DeFi protocol Zeed.

The hacker exploited a vulnerability successful the DeFi task to bargain implicit $1 cardinal and past locked it successful a self-destruct contract, making it intolerable for anyone to retrieve the stolen funds.

Zeed loses $1M

Blockchain information firm, BlockSec archetypal detected the onslaught connected the Zeed protocol and shared it astir 8 PM UTC connected April 21. 

1/ What if rewards tin beryllium tripled?

Our strategy detected an onslaught transaction(https://t.co/xk8Tet2o0Q) that exploited the reward organisation vulnerability successful ZEED connected #BSC.@zeedcommunity @defiprime

— BlockSec (@BlockSecTeam) April 21, 2022

The hacker took vantage of the reward organisation mechanics connected the DeFi lending protocol, which describes itself arsenic a “decentralized fiscal integrated ecosystem.”

The vulnerability allowed the hacker to mint other tokens and merchantability them, thereby crashing the terms of the token to zero and netting astir $1 cardinal from the theft.

Source: Peckshield

The hacker past sent the stolen crypto to an “attack contract” — a astute declaration susceptible of executing the recovered exploit rapidly and automatically.

For a crushed known lone to the hacker, the onslaught declaration was to self-destruct earlier helium moved the stolen funds. Since the declaration is irreversible, it is intolerable to retrieve the funds.

A blockchain scanner revealed that the onslaught declaration contained $1,041,237.57 worthy of BSC-USD. Its palmy demolition happened astatine 7:15 AM UTC connected April 21.

As of property time, the Zeed protocol has yet to merchandise a remark oregon update astir the hack.

The prevalence of exploits and hacks successful crypto continues to beryllium a root of interest arsenic hackers steadily amended their methods. In the archetypal 4th of the twelvemonth alone, implicit $1 cardinal worthy of funds were stolen, including much than $600 cardinal Axie Infinity exploit.

Users look to beryllium astatine the receiving extremity of these thefts since not each task offers refunds. Beyond that, an exploit could impact the task roadmap successful the agelong word arsenic it erodes investors’ assurance successful the project.

Symbiosis

View source