+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeNewslettersNextShare
 

A hacker stole more than $55 million in crypto after a bZx developer fell for a phishing attack

Nov 7, 2021, 16:22 IST
Business Insider
The hacker's wallet included more than $20 million in Ethereum, bZx said in a blog post. Dado Ruvic/Reuters
  • A hacker stole millions after a developer at bZx, a crypto company, fell for a phishing attack.
  • SlowMist estimated the total haul at $55 million, The Block, a crypto blog, reported on Friday.
Advertisement

Crypto company bZx said on Friday that a hacker stole millions in various currencies after one of its developers fell for a phishing attack.

SlowMist, an outside security company, estimated the total haul at $55 million, The Block, a crypto blog, reported on Friday.

"Roughly 25% of this figure is personal losses from the team wallet that was compromised," bZx said on Twitter, responding to The Block's reporting.

On Friday, bZx posted what it said were details of the hacker's accounts, which included Ethereum totaling $21 million. The company, a decentralized-finance platform, or DeFi, said it was still investigating the hack. It said the breach affected "lenders, borrowers, and farmers" with funds on two platforms, Polygon and Binance Smart Chain.

"A limited number of users who had approved the unlimited spend had funds stolen from their wallet," the company said in its unsigned technical analysis of the hack. "The developer's wallet had all funds drained from their wallet."

Advertisement

The breach began with a phishing email sent to a developer's personal computer, bZx said. That email had "a malicious macro in a Word document that was disguised as a legitimate email attachment, which then ran a script on his Personal Computer. This led to his personal mnemonic wallet phrase being compromised," the company said.

At about 8:30 am EST on Friday, the company received a series of notifications about suspicious activity, including a flagged wallet. The company tracked the hacker's wallet. It posted a list of balances, along with a few transactions, on its blog.

The company said it was still working to determine the total amount of funds stolen. It said it was working with law enforcement to recover the funds and identify the hacker.

"We are gathering data on the specific wallets which were affected by the attack," bZx said.

Insider has reached out to bZx for additional information and comment.

Advertisement

Coindesk reported on Friday that bZx was hacked three times last year.

Next Article