A DeFi hacker compromised a lesser-known protocol but forgot to take their winnings

A DeFi hacker compromised a lesser-known protocol but forgot to take their winnings
Representative imagePixabay

  • The hacker compromised a protocol called Zeed for over $1 million.
  • DeFi hacks have become a serious concern for the crypto industry over the past year.
  • Almost 97% of all cryptocurrency stolen in 2022 came from DeFi protocols.
Hackers can cause devastating losses to decentralized finance (DeFi) platforms, but sometimes they too cock up an attack. At least that was the case when a hacker tried to compromise a DeFi platform called Zeed yesterday.
Shortly after 8 am UTC on April 21, security researchers at blockchain analytics firm BlockSec, tweeted that it had detected a cyberattack on the firm. The hacker exploited a vulnerability in the DeFi protocol that is used to distribute rewards to users, and doing so successfully would allow the attacker to mint extra tokens from the platform. Which in turn would crash the price of the platform’s $YEED token to zero for everyone else, while the hacker earned $1 million worth of tokens.
To do so, the hacker used a smart contract, which was capable of automatically exploiting the loophole that the hacker found. And they were successful too, except for one rather big flaw in the plan. What the hacker did was the equivalent of robbing a bank and forgetting to take the bags of money with you.

DeFi hackers usually transfer the stolen crypto funds to a smart contract, called an “attack contract”, which is then transferred to a wallet while the attack contract self-destructs. In this case, however, the attacker seems to have forgotten to transfer the crypto out of the wallet before setting it to self-destruct.

BlockSec’s researchers noted that $1,041,237.57 worth of stolen crypto tokens are not stuck in the contract forever, since it has been set to self-destruct. The attack took place at 7:15 am UTC on April 21.

To be sure, this doesn’t protect the DeFi platform from losing money. The stuck tokens can’t be recovered, neither by the hacker nor by the protocol itself. But the incident still brings a few chuckles for the serious issue that DeFi hacks have become over the past year or so.

DeFi hacks on the rise

In fact, data from analysis firm The Block Research from November 2021, showed that attacks on DeFi firms had grown by a massive 22.5x year-on-year. According to data from blockchain research company Chainalysis, published on April 14, almost 97% of all cryptocurrency stolen in the first three months of 2022 have been taken from DeFi protocols, up from 72% in 2021 and 30% in 2020.

Notable amongst these are hacks of the Ronin Network, which is attached to Axie Infinity, one of the most popular web3 games in the world today. “In the past, cryptocurrency hacks were largely the result of security breaches in which hackers gained access to victims’ private keys—the crypto-equivalent of pickpocketing. Ronin Network’s March 2022 breach, which enabled the theft of $615 million in cryptocurrency, has proven the continued effectiveness of this technique,” Chainalysis said.

Ronin’s competitor, MetaMask, which is also amongst the most popular crypto wallets in the world, also alerted users of a possible compromise earlier this week.

Amazon brings Metaverse to the e-commerce segment with augmented rooms
NPCI to hire more than 250 engineering trainees from across the country