A hacker stole more than $55 million in crypto after a bZx developer fell for a phishing attack
- A hacker stole millions after a developer at bZx, a crypto company, fell for a phishing attack.
- SlowMist estimated the total haul at $55 million, The Block, a crypto blog, reported on Friday.
Crypto company bZx said on Friday that a hacker stole millions in various currencies after one of its developers fell for a phishing attack.
SlowMist, an outside security company, estimated the total haul at $55 million, The Block, a crypto blog, reported on Friday.
"Roughly 25% of this figure is personal losses from the team wallet that was compromised," bZx said on Twitter, responding to The Block's reporting.
On Friday, bZx posted what it said were details of the hacker's accounts, which included Ethereum totaling $21 million. The company, a decentralized-finance platform, or DeFi, said it was still investigating the hack. It said the breach affected "lenders, borrowers, and farmers" with funds on two platforms, Polygon and Binance Smart Chain.
"A limited number of users who had approved the unlimited spend had funds stolen from their wallet," the company said in its unsigned technical analysis of the hack. "The developer's wallet had all funds drained from their wallet."
The breach began with a phishing email sent to a developer's personal computer, bZx said. That email had "a malicious macro in a Word document that was disguised as a legitimate email attachment, which then ran a script on his Personal Computer. This led to his personal mnemonic wallet phrase being compromised," the company said.
At about 8:30 am EST on Friday, the company received a series of notifications about suspicious activity, including a flagged wallet. The company tracked the hacker's wallet. It posted a list of balances, along with a few transactions, on its blog.
The company said it was still working to determine the total amount of funds stolen. It said it was working with law enforcement to recover the funds and identify the hacker.
"We are gathering data on the specific wallets which were affected by the attack," bZx said.
Insider has reached out to bZx for additional information and comment.
Coindesk reported on Friday that bZx was hacked three times last year.