After a successful robbery, a hacker supposedly left over $1 million in a smart contract that was programmed to self-destruct, ensuring the crypto could never be moved.
Took advantage of DeFi vulnerabilities
BlockSec, a blockchain security and analytics business, announced on Thursday just after 8:00 a.m. UTC that it had discovered an attack on Zeed, a little-known DeFi lending protocol that bills itself as a “decentralized financial integrated ecosystem.”
An attacker has fumbled their heist at the finish line, leaving behind over $1 million in stolen crypto in a rare comedic blunder among decentralized finance (DeFi) exploits.
The attacker took advantage of a flaw in the way the protocol distributes rewards, allowing them to manufacture extra tokens that were subsequently sold, bringing the price down to zero. However, the exploiter only made a little more than $1 million.
Planned or mistake?
The stolen coin was transferred to an “attack contract,” a smart contract that automatically and quickly executes the discovered exploit, according to blockchain analytics firm PeckShield.
The attacker, however, was supposedly so ecstatic with the successful heist that they forgot to transfer over $1 million worth of stolen crypto out of their attack contract before setting it to self-destruct, ensuring the funds could never be moved.
Using a blockchain scanner to inspect the attack contract address reveals that $1,041,237.57 in BSC-USD Binance-Peg token is stuck in the contract indefinitely. The contract’s effective self-destruction was confirmed around 7:15 a.m. UTC on Thursday.
It’s one of the strangest developments since the Polygon hacker used embedded messages in Ether (ETH) transactions to do an Ask Me Anything after stealing $612 million from the protocol in August 2021.
The attacker hacked “for pleasure” and thought “cross-chain hacking is hip,” according to the question and answer session.
Another Example
Other DeFi protocol hacks have resulted in hundreds of millions of dollars being siphoned off, as was the case with the recent Ronin bridge hack, in which the criminals made off with more than $600 million, so this latest theft is on the smaller end of the scale.
Other prominent DeFi breaches include the $80 million in crypto stolen from Qubit Finance in January, when attackers fooled the protocol into thinking they had placed collateral, allowing them to manufacture a bridged crypto asset.
In March, hackers abused the DeFi marketplace Deus Finance by manipulating the price feed of a pair of stablecoins, resulting in the insolvency of user funds and earning the hackers almost $3 million.
Source: https://www.thecoinrepublic.com/2022/04/24/hacker-left-1-million-in-smart-contract-programmed-to-destruct/