[TheRecord] Hacker steals $55 million from bZx DeFi platform

A hacker has stolen an estimated $55 million worth of cryptocurrency assets from bZx, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.

“A bZx developer was sent a phishing email to his personal computer with a malicious macro in a Word document that was disguised as a legitimate email attachment,” the company said in a preliminary post mortem of the attack published on Friday night, hours after the hack.

bZx said the email attachment ran a script on the developer’s computer that compromised the employee’s mnemonic wallet phrase.

The attacker emptied the developer’s personal wallet and then stole two private keys from the employee’s computer that were being used by the bZx platform for its integration with the Polygon and Binance Smart Chain (BSC) blockchains.

The hacker then used these keys to steal the platform’s Polygon and BSC funds, along with the same funds from a small number of users who approved unlimited spend operations for the two tokens in their accounts.

While bZx said it’s still investigating the exact amount of stolen funds, blockchain security firm SlowMist put the sum at more than $55 million, based on the malicious transactions it detected.

#bZx private key compromised, over $55 million dollars stolen so far. We’ll continue to update as more information is discovered. @RektHQ @ChainNewscom @bZxHQ https://t.co/SM6WWDt06J pic.twitter.com/39S05IiBFr

— SlowMist (@SlowMist_Team) November 5, 2021

In the aftermath of the hack, bZx said it disabled its website’s UI to prevent users from depositing new funds and was working with various cryptocurrency exchanges to track the attacker and freeze and potentially recover the stolen funds.

bZx asks hacker for their funds back; promises a bounty

The DeFi platform has also put out a message directly addressed to the hacker:

We encourage this individual to reach out to the DAO at [email protected] to discuss returning the funds and potential bounty.

bZx is hoping for a repeat of the PolyNetwork incident, where the attacker returned all of the $600 million in stolen funds to the company after similar negotiations.

The bZx incident currently joins the list at #5 among the largest cryptocurrency heists that have taken place this year:

PolyNetwork – $600 million
Cream Finance – $130 million (October)
Liquid – $94 million
EasyFi – $81 million
Uranium Finance – $50 million
Cream Finance – $37 million (February)
Alpha Homora – $37 million
Vee Finance – $35 million
Meerkat Finance – $31 million
Spartan – $30 million
Cream Finance – $29 million (August)
pNetwork – $12 million
Rari Capital – $11 million

The post Hacker steals $55 million from bZx DeFi platform appeared first on The Record by Recorded Future.
