Another cryptocurrency platform has suffered a cyber attack. The latest victim of the crypto heist is the DeFi platform bZx that lost around $55 million worth of assets. The platform has asked the hacker to return the funds for a “bounty”.
bZx DeFi Platform Crypto Theft
On November 5, 2021, bZx DeFi platform detected and disclosed malicious activity on its systems. As shared in a tweet, the platform basically noticed “loss of funds” due to a compromised private key.
An hour ago it appears that the private key controlling the Polygon and BSC deployments was compromised, leading to loss of funds. The Ethereum deployment is under DAO control and not impacted. We will provide further updates soon.
— bZx – Fulcrum & Torque (on ETH/BSC/Polygon) (@bZxHQ) November 5, 2021
At the same time, the platform asked all users to revoke any approvals for bZx contracts on Polygon or BSC.
Though, they assured that the incident didn’t affect the bZx smart contracts but the Polygon and BSC deployments. However, speculations ran rife about protocol vulnerabilities. Therefore, bZx continued with the investigations whilst disabling BSC and Polygon UI out of caution.
Eventually, the platform has recently shared details in a report about what exactly had happened.
As revealed, the crypto heist happened due to a phishing attack on a bZx DeFi platform employee.
A bZx developer was sent a phishing email to his personal computer with a malicious macro in a Word document that was disguised as a legitimate email attachment, which then ran a script on his Personal Computer. This led to his personal mnemonic wallet phrase being compromised.
Eventually, the attacker got access to the compromised bZx developer wallet, and the private key to BSC and Polygon deployment. This then allowed the attacker to pilfer digital assets worth $55 million (according to SlowMist).
#bZx private key compromised, over $55 million dollars stolen so far. We’ll continue to update as more information is discovered. @RektHQ @ChainNewscom @bZxHQ https://t.co/SM6WWDt06J pic.twitter.com/39S05IiBFr
— SlowMist (@SlowMist_Team) November 5, 2021
Consequently, bZx noticed negative balance for a user on November 5, with high utilization rates and detected the matter. Following this discovery, the platform swiftly traced the hacker’s wallet address, contacted the relevant services to track and contain the flow of assets.
‘Return The Money For Bounty’ – Urges bZx
For now, bZx hasn’t recovered the lost money, nor has it precisely listed the exact loss. Nonetheless, what it has confirmed is no impact of the incident on the Ethereum deployment of bZx protocol.
So, while the platform goes on with the investigations, it has asked the hacker to return the money voluntarily. bZx has also offered a “bounty” to the attacker in return.
“We encourage this individual to reach out to the DAO at [email protected] to discuss returning the funds and potential bounty.
It remains unclear if the attacker has any plans to acknowledge this offer.