The developers of the bZx decentralized finance (DeFi) lender admitted a loss of funds as a result of hacking on November 5.
Thus, according to them, the hacker compromised the private key of the project deployment management on Polygon and Binance Smart Chain (BSC). Moreover, under the post, the security company SlowMist indicated that at the moment the damage amounted to over $55 million. Apparently, the hacker controls seven addresses with stolen funds.
In addition, the project team has published the results of the preliminary investigation. According to them, the incident was not a protocol hack. It “was a phishing attack on the bZx developer.”
The hacker “emptied the BSC and Polygon protocols”
“bZx on Ethereum is not compromised, only BSC + Polygon,” the message says. Representatives of the platform clarified that the hacker “emptied the BSC and Polygon protocols”. After which he updated the contract for the withdrawal of tokens. According to the protocol, around a quarter of the stolen money was “personal losses from the team wallet.”
“[…] our community will decide on compensation,” bZx added.
Over the past seven days, the platform’s native token has fallen by 9.6%, according to CoinGecko.
Earlier in February 2020, the attacker withdrew 1193 ETH. Or about 2% of the total assets, while the bZx team participated in the ETHDenver hackathon. Two days later, unknown assailants attacked the platform again. The damage was estimated at 2388 ETH.
In September, the hacker withdrew about $8 million. Later, the developers announced that they had returned all the stolen funds.
Recall that previously in October 2021, Cream Finance DeFi protocol has been hacked. The damage from the attack amounted to $130 million. According to Etherscan, an unknown person used a flash loan as part of a complex transaction. The commission exceeded 9 ETH ($36,879 at that time). The majority of the stolen assets are tokens of Cream Finance liquidity providers and other coins of the ERC-20 standard.