Last Updated on 22/11/2021 by Nidhi Khandelwal
Threat actors have stolen $55 million in cryptocurrencies from the bZx decentralised finance (DeFi) platform. DeFi networks let users borrow, lend and speculate on cryptocurrency price fluctuations.
Through spear-phishing attacks, the attackers obtained two private keys for the DeFi platform; the attack was identical to one that previously targeted another user dubbed The incident was not a procedural breach, according to the company.
The phishing email included a weaponized Word document that, when opened, ran a script on the developer's computer, giving the attackers access to the employee's mnemonic wallet phrase.
The attackers took money from the developer's personal wallet and obtained the two private keys used by the bZx platform to connect to the Polygon and Binance Smart Chain (BSC) blockchains.
Using those keys, the threat actors were able to steal funds from a small number of users who had approved unlimited spending.
Banting and Mudit Gupta were contacted and invited to join us in the war room.
Tether was contacted, and USDT was frozen from the hacker’s wallet. (Addresses are shown below)
Binance was contacted, and the stolen BZRX on BSC was frozen to prevent it from being transferred.
KuCoin was contacted, and it was discovered that one of the hackers’ wallets was being used to make transactions in and out of the exchange.
To prevent users from depositing, the UI on Polygon and BSC has been disabled.
USDC was contacted and a request to freeze USDC in the hacker’s wallet was made.
KuCoin was contacted to determine the identity of the hacker’s KuCoin account.
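The users exposed by the stolen keys were those with a standing unlimited spend approval. As an added example (not code from bZx or from the original article), the sketch below reads ERC-20 `Approval` event logs and lists owners whose most recent approval to a given spender is still effectively unlimited, which is the set a responder would ask to revoke first. All addresses and log entries are constructed, and the `2**255` threshold is an assumption.

```python
# Added example: all addresses and logs below are constructed, not from the incident.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED = 2**255  # assumption: treat allowances this large as effectively unlimited

def topic_to_address(topic):
    # An indexed address is left-padded to 32 bytes; the last 20 bytes are the address.
    return "0x" + topic[-40:].lower()

def parse_approval(log):
    topics = log["topics"]
    # ERC-721 Approval shares this topic hash but carries 4 topics; skip it.
    if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
        return None
    return (log["address"].lower(), topic_to_address(topics[1]),
            topic_to_address(topics[2]), int(log["data"], 16))

def open_unlimited_approvals(logs, spender):
    """Return (token, owner) pairs whose latest Approval to `spender` is unlimited."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        ev = parse_approval(log)
        if ev and ev[2] == spender.lower():
            latest[(ev[0], ev[1])] = ev[3]  # a later approve(spender, 0) overwrites
    return sorted(k for k, v in latest.items() if v >= UNLIMITED)

def _log(block, owner, spender, value, token):
    # Build a constructed log entry in the shape returned by eth_getLogs.
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

TOKEN, SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
ALICE, BOB, CAROL = "0x" + "01" * 20, "0x" + "02" * 20, "0x" + "03" * 20
SAMPLE_LOGS = [
    _log(100, ALICE, SPENDER, MAX_UINT256, TOKEN),  # still open
    _log(101, BOB, SPENDER, MAX_UINT256, TOKEN),
    _log(105, BOB, SPENDER, 0, TOKEN),              # revoked later
    _log(102, CAROL, SPENDER, 1000, TOKEN),         # bounded allowance
    _log(103, ALICE, OTHER, MAX_UINT256, TOKEN),    # different spender
]

if __name__ == "__main__":
    for token, owner in open_unlimited_approvals(SAMPLE_LOGS, SPENDER):
        print(f"{owner} still has an unlimited approval on {token}")
```

The result reflects only `Approval` events; the authoritative value is the token contract's current `allowance(owner, spender)`.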