bZx DeFi Platform Lost $55 Million Stolen In The Latest Crypto Heist

Another cryptocurrency platform has suffered a cyber attack. The latest victim of the crypto heist is the DeFi platform bZx that lost around $55 million worth of assets. The platform has asked the hacker to return the funds for a “bounty”.

bZx DeFi Platform Crypto Theft

On November 5, 2021, bZx DeFi platform detected and disclosed malicious activity on its systems. As shared in a tweet, the platform basically noticed “loss of funds” due to a compromised private key.

At the same time, the platform asked all users to revoke any approvals for bZx contracts on Polygon or BSC.

Though, they assured that the incident didn’t affect the bZx smart contracts but the Polygon and BSC deployments. However, speculations ran rife about protocol vulnerabilities. Therefore, bZx continued with the investigations whilst disabling BSC and Polygon UI out of caution.

Eventually, the platform has recently shared details in a report about what exactly had happened.

As revealed, the crypto heist happened due to a phishing attack on a bZx DeFi platform employee.

A bZx developer was sent a phishing email to his personal computer with a malicious macro in a Word document that was disguised as a legitimate email attachment, which then ran a script on his Personal Computer. This led to his personal mnemonic wallet phrase being compromised.

Eventually, the attacker got access to the compromised bZx developer wallet, and the private key to BSC and Polygon deployment. This then allowed the attacker to pilfer digital assets worth $55 million (according to SlowMist).

Consequently, bZx noticed negative balance for a user on November 5, with high utilization rates and detected the matter. Following this discovery, the platform swiftly traced the hacker’s wallet address, contacted the relevant services to track and contain the flow of assets.

‘Return The Money For Bounty’ – Urges bZx

For now, bZx hasn’t recovered the lost money, nor has it precisely listed the exact loss. Nonetheless, what it has confirmed is no impact of the incident on the Ethereum deployment of bZx protocol.

So, while the platform goes on with the investigations, it has asked the hacker to return the money voluntarily. bZx has also offered a “bounty” to the attacker in return.

“We encourage this individual to reach out to the DAO at hello@bzx.network to discuss returning the funds and potential bounty.

It remains unclear if the attacker has any plans to acknowledge this offer.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil