Advertisement
On Thursday, security and analytics firm BlockSec shared that it discovered an attack on a little-known DeFi platform, Zeed, positioning itself as a "decentralized financial integration ecosystem."
Attackers took advantage of a vulnerability in how the platform distributes rewards, allowing them to earn more tokens. These tokens were then sold, causing the price to drop to zero, but raked in more than $1 million for the attacker.
Blockchain analytics firm PeckShield announced that the amount of stolen cryptocurrencies was transferred to an "attack contract," a Smart contract that quickly automatically handles the stolen money.
#PeckShieldAlert It appears that @zeedcommunity suffered an exploit. The exploiter gained ~$1m. The gains currently sit in the attack contract. https://t.co/bSHHGM623Q @peckshield https://t.co/jXVj0oGI8B
— PeckShieldAlert (@PeckShieldAlert) April 21, 2022
However, this attacker was probably so excited by his successful theft that he forgot to move more than 1 million cryptocurrencies out of the attack contract before it self-destructed, making the money permanently impossible to move.
Interesting. The hacker kills the contract, but forgets to transfer the profit. https://t.co/HbS2fiztuc https://t.co/uApZyK8Uym pic.twitter.com/FwpZweNLHU
— PeckShield Inc. (@peckshield) April 21, 2022
Blockchain scanning technology looking at this attack contract address shows that $1,041,237.57 of Binance BSC-USD tokens have been permanently stuck in the contract. The self-destructing mode of this contract was then implemented on the same day on April 21.
This is one of the strange events since the Polygon hacker carried out the AMA using messages embedded on Ether (ETH) transactions after stealing $612 million from the platform in August 2021. After a round of Q&A, the attacker revealed that they hacked "for fun" and thought that "cross-chain hacking is attractive."
The losses of this latest hack along with those on other DeFi platforms have reached hundreds of millions, including the recent Ronin Bridge hack alone when hackers stole more than $600 million.
