+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeNewslettersNextShare
 

A DeFi hacker compromised a lesser-known protocol but forgot to take their winnings

Apr 22, 2022, 17:01 IST
Business Insider India
Representative imagePixabay

Advertisement
  • The hacker compromised a protocol called Zeed for over $1 million.
  • DeFi hacks have become a serious concern for the crypto industry over the past year.
  • Almost 97% of all cryptocurrency stolen in 2022 came from DeFi protocols.
Hackers can cause devastating losses to decentralized finance (DeFi) platforms, but sometimes they too cock up an attack. At least that was the case when a hacker tried to compromise a DeFi platform called Zeed yesterday.
Shortly after 8 am UTC on April 21, security researchers at blockchain analytics firm BlockSec, tweeted that it had detected a cyberattack on the firm. The hacker exploited a vulnerability in the DeFi protocol that is used to distribute rewards to users, and doing so successfully would allow the attacker to mint extra tokens from the platform. Which in turn would crash the price of the platform’s $YEED token to zero for everyone else, while the hacker earned $1 million worth of tokens.
To do so, the hacker used a smart contract, which was capable of automatically exploiting the loophole that the hacker found. And they were successful too, except for one rather big flaw in the plan. What the hacker did was the equivalent of robbing a bank and forgetting to take the bags of money with you.

DeFi hackers usually transfer the stolen crypto funds to a smart contract, called an “attack contract”, which is then transferred to a wallet while the attack contract self-destructs. In this case, however, the attacker seems to have forgotten to transfer the crypto out of the wallet before setting it to self-destruct.

BlockSec’s researchers noted that $1,041,237.57 worth of stolen crypto tokens are not stuck in the contract forever, since it has been set to self-destruct. The attack took place at 7:15 am UTC on April 21.

To be sure, this doesn’t protect the DeFi platform from losing money. The stuck tokens can’t be recovered, neither by the hacker nor by the protocol itself. But the incident still brings a few chuckles for the serious issue that DeFi hacks have become over the past year or so.
Advertisement

DeFi hacks on the rise


In fact, data from analysis firm The Block Research from November 2021, showed that attacks on DeFi firms had grown by a massive 22.5x year-on-year. According to data from blockchain research company Chainalysis, published on April 14, almost 97% of all cryptocurrency stolen in the first three months of 2022 have been taken from DeFi protocols, up from 72% in 2021 and 30% in 2020.

Notable amongst these are hacks of the Ronin Network, which is attached to Axie Infinity, one of the most popular web3 games in the world today. “In the past, cryptocurrency hacks were largely the result of security breaches in which hackers gained access to victims’ private keys—the crypto-equivalent of pickpocketing. Ronin Network’s March 2022 breach, which enabled the theft of $615 million in cryptocurrency, has proven the continued effectiveness of this technique,” Chainalysis said.

Ronin’s competitor, MetaMask, which is also amongst the most popular crypto wallets in the world, also alerted users of a possible compromise earlier this week.

SEE ALSO:
Amazon brings Metaverse to the e-commerce segment with augmented rooms
NPCI to hire more than 250 engineering trainees from across the country
Next Article