CoinTrust

DeFi Protocol bZx Loses $55mln to Hackers

Hacks in the bitcoin industry are not new, and they are becoming more sophisticated with each new breakthrough. While attacking in their hordes, the realm of decentralised finance (DeFi) seems to be drawing enemies to it. In an assault on Friday, the DeFi protocol was targeted and suffered a $55 million loss, making bZx the latest in a long list of victims. According to a preliminary post mortem, the attackers targeted one of the team members and sent him malware contained in an email attachment, which was then deleted.

According to a tweet from bZx, the attacker had gotten access to the private keys that controlled the Binance Smart Chain and Polygon installations, among other things. One of bZx’s engineers had his wallet’s private keys stolen in a phishing assault, according to the company’s post-mortem report published today. A phishing email was sent to him that included a “malicious macro in a Word document that was disguised as a valid email attachment, which subsequently launched a script on his personal computer,” according to the attackers. “It was because of this that his particular mnemonic pocket phrase was compromised.” This exploit provided the hackers with access to the contents of the developer’s wallet and, as a result, the private keys to the BSC and Polygon deployments of the bZx protocol, which they used to compromise the system.


In a statement, the team explained that after acquiring control of BSC and Polygon, the hacker “drained the BSC and Polygon protocol, then modified the contract to enable draining of any tokens for which the contracts had granted limitless authority.”


The assault targeted lenders, borrowers, and farmers who had monies invested in BSC and Polygon contracts, as well as those who had provided limitless authorization to such contracts prior to the attack. According to bZx, its smart contracts were not affected by the attacker, who also withdrew cash from the BSC and Polygon implementations of the protocol as well.

“This issue has had no impact on the Ethereum deployment, its governance, or the DAO treasury,” the statement said. According to bZx, the project’s DAO treasury contains money that are substantially more than the effect of the event.

According to Slow Mist, a blockchain security business, more than $55 million in cryptocurrency was taken, however the bZx team informed The Block that this amount has not yet been independently verified. It is possible to find the money in six different locations, with the greatest holding $18.4 million and the lowest having $697. Other wallets include $6 million, $13.8 million, $15.5 million, $1.1 million, and $201,255, amongst other amounts of money.

Not for the first time, bZx has been the target of a hacking attempt. It was targeted twice in the previous year. In one of the first few cases of flash loan assaults, which occurred in February, the attackers got off with $366,000 worth of Ethereum. In September, the protocol was targeted again again, this time resulting in a loss of $8 million, which represented 30 percent of the cash it had at the time.

Exit mobile version