- The hacker compromised a protocol called
Zeedfor over $1 million. DeFihacks have become a serious concern for the cryptoindustry over the past year.
- Almost 97% of all cryptocurrency stolen in 2022 came from DeFi protocols.
Hackers can cause devastating losses to decentralized finance (DeFi) platforms, but sometimes they too cock up an attack. At least that was the case when a hacker tried to compromise a DeFi platform called Zeed yesterday.
1/ What if rewards can be tripled?Our system detected an attack transaction(https://t.co/xk8Tet2o0Q) that exploit… https://t.co/ypN5CoMN4C
— BlockSec (@BlockSecTeam) 1650528505000
Shortly after 8 am UTC on April 21, security researchers at blockchain analytics firm BlockSec, tweeted that it had detected a
DeFi protocol that is used to distribute rewards to users, and doing so successfully would allow the attacker to mint extra tokens from the platform. Which in turn would crash the price of the platform’s $YEED token to zero for everyone else, while the hacker earned $1 million worth of tokens.
#PeckShieldAlert #slippage $YEED dropped -100% https://t.co/HZ1UIAVQas @zeedcommunity https://t.co/SZ89etc1t7
— PeckShieldAlert (@PeckShieldAlert) 1650530140000
To do so, the hacker used a smart contract, which was capable of automatically exploiting the loophole that the hacker found. And they were successful too, except for one rather big flaw in the plan. What the hacker did was the equivalent of robbing a bank and forgetting to take the bags of money with you.
DeFi hackers usually transfer the stolen crypto funds to a smart contract, called an “attack contract”, which is then transferred to a wallet while the attack contract self-destructs. In this case, however, the attacker seems to have forgotten to transfer the crypto out of the wallet before setting it to self-destruct.
BlockSec’s researchers noted that $1,041,237.57 worth of stolen crypto tokens are not stuck in the contract forever, since it has been set to self-destruct. The attack took place at 7:15 am UTC on April 21.
To be sure, this doesn’t protect the DeFi platform from losing money. The stuck tokens can’t be recovered, neither by the hacker nor by the protocol itself. But the incident still brings a few chuckles for the serious issue that DeFi hacks have become over the past year or so.
DeFi hacks on the rise
data from analysis firm The Block Research from November 2021, showed that attacks on DeFi firms had grown by a massive 22.5x year-on-year. According to data from blockchain research company
Notable amongst these are hacks of the Ronin Network, which is attached to Axie Infinity, one of the most popular web3 games in the world today. “In the past, cryptocurrency hacks were largely the result of security breaches in which hackers gained access to victims’ private keys—the crypto-equivalent of pickpocketing. Ronin Network’s March 2022 breach, which enabled the theft of $615 million in cryptocurrency, has proven the continued effectiveness of this technique,” Chainalysis said.
Ronin’s competitor, MetaMask, which is also amongst the most popular crypto wallets in the world, also
alerted users of a possible compromise earlier this week.
Amazon brings Metaverse to the e-commerce segment with augmented rooms
NPCI to hire more than 250 engineering trainees from across the country