DeFi bZx Losses $55M After its Developer’s Private Key Was Compromised In A Phishing Attack

2021-11-6 16:06

Trading and lending platform bZx suffered an exploit of $55 million in yet another round of compromise.

The decentralized finance (DeFi) protocol reported on Friday that the private key controlling the project’s deployments on Polygon and Binance Smart Chain (BSC) was compromised, leading to the loss of funds. The Ethereum deployment, however, is not impacted and continues to function normally.

“The Ethereum contracts and treasury remains safe. Roughly 25% of this figure is personal losses from the team wallet that was compromised.”

As a precaution, bZx has temporarily disabled the UI on BSC and Polygon. If anyone has approved any tokens to the bZx contracts on Polygon or BSC, they are asked to revoke their approvals as soon as possible.

The bZx team noted that the decentralized autonomous organization (DAO) treasury has funds significantly above the impact of the incident, and they will have a community vote to use the funds from the treasury as a backstop to make victims whole.

Blockchain security firm SlowMist alerted that these funds were siphoned from the project and kept in seven separate addresses.

In its post mortem, the project noted that a bZx developer had his personal wallet’s private keys stolen in a phishing attack.

Because, unlike Ethereum, the BSC and Polygon implementation administrative private keys haven’t been transferred to the DAO yet, the hacker used the private key to gain access to the individual developer’s personal funds and the bZx deployment on BSC and Polygon.

The hacker then was able to upgrade the contract and attack the protocol and funds held within it.

Overall, the bZx developer was not the only one affected; lenders, borrowers, and yield farmers with funds on Polygon and BSC and those who had given unlimited approvals to those contracts.

In response, the token BZRX dropped about 21% to $0.378. As of writing, the $131 million market cap cryptocurrency is trading at $0.385.

However, this wasn’t the first time the project suffered an attack, as on three other occasions [1st hack, 2nd hack, 3rd hack], it was hacked. During the recent exploit in September 2020, the project lost over $8 million, but it claims to have “recovered” all of the funds.

“Any attack on crypto is bad for everyone. This is not about one project against another. It's about crypto in general against the rest of the world. Any failure goes to the expense of the entire crypto community. Let's stand together and show the world that we are capable of shaping the future.”

The post DeFi bZx Losses M After its Developer’s Private Key Was Compromised In A Phishing Attack first appeared on BitcoinExchangeGuide.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Bitcoin Private (BTCP) íà Currencies.ru

$ 0 (+0.00%)
Îáúåì 24H $0
Èçìåíåèÿ 24h: 0.00 %, 7d: 0.47 %
Cåãîäíÿ L: $0 - H: $0
Êàïèòàëèçàöèÿ $0 Rank 99999
Öåíà â ÷àñ íîâîñòè $ 0.1542 (-100%)

compromised defi key bzx private controlling finance

compromised defi → Ðåçóëüòàòîâ: 6


DeFi project DNS hijack attack: PancakeSwap regains access; Cream’s website still compromised

Websites of DeFi projects Cream.Finance and PancakeSwap reportedly came under attack by hackers. According to their tweets, the projects’ DNS had been compromised. Users who visited the websites of The post DeFi project DNS hijack attack: PancakeSwap regains access; Cream’s website still compromised appeared first on AMBCrypto.

2021-3-16 20:25


DeFi “DNS Hijack:” Cream Finance Deployed to New Domain, PancakeSwap Regains Access

Decentralized finance (DeFi) protocols Cream Finance, and Binance Smart Chain (BSC) based PancakeSwap are reporting DNS (Domain Name System) “hijacks” of their respective platforms. Lending protocol Cream Finance tweeted on Monday, “Our DNS has been compromised by a third party; some users are seeing requests for seed phrase on http://app.

2021-3-16 20:22