DeFi platform bZx reports hack; losses estimated at $55 million
On Friday, November 5, the developers of the DeFi platform bZx acknowledged the loss of funds following a hack.
An hour ago it appears that the private key controlling the Polygon and BSC deployments was compromised, leading to loss of funds. The Ethereum deployment is under DAO control and not impacted. We will provide further updates soon.
— bZx — Fulcrum & Torque (on ETH/BSC/Polygon) (@bZxHQ) November 5, 2021
According to them, the private key controlling the deployment on Polygon and Binance Smart Chain was compromised.
Audit firm SlowMist noted that the losses stand at $55 million. The funds are on seven addresses, presumably controlled by the hacker.
#bZx private key compromised, over $55 million dollars stolen so far. We’ll continue to update as more information is discovered. @RektHQ @ChainNewscom @bZxHQ https://t.co/SM6WWDt06J pic.twitter.com/39S05IiBFr
— SlowMist (@SlowMist_Team) November 5, 2021
The project’s developers stressed that the bZx smart contracts themselves were not compromised.
Important to note: the bZx smart contracts themselves were not compromised. This incident only impacted the Polygon and BSC deployments via a compromised key.
— bZx — Fulcrum & Torque (on ETH/BSC/Polygon) (@bZxHQ) November 5, 2021
The project team published the results of a preliminary investigation. According to them, the incident “was a phishing attack on a bZx developer”.
The incident today was NOT a protocol hack. It was a phishing attack on a bZx dev.
bZx on Ethereum is not compromised, only BSC + Polygon.
Our treasury is robust and our community will decide a compensation package.
Investigation ongoing. Read more👇https://t.co/uLIO8K9QDZ
— bZx — Fulcrum & Torque (on ETH/BSC/Polygon) (@bZxHQ) November 5, 2021
«bZx on Ethereum is not compromised, only BSC + Polygon», the post states.
Representatives indicated that the hacker emptied the BSC and Polygon protocols, after which the withdrawal contract was updated. The extent of the losses is being assessed.
«[…] our community will decide on compensation», the bZx team added.
In the last 24 hours, the platform’s native token fell by 12%, according to CoinGecko.
In February 2020, an attacker withdrew 1193 ETH, about 2% of total assets, while the bZx team participated in the ETHDenver hackathon.
Two days later, unknown parties attacked the platform again. The losses were estimated at 2388 ETH.
In September, the hacker withdrew about $8 million. Later the developers said they had returned all stolen funds.
Back in October 2021, the DeFi protocol Cream Finance was hacked again — the damage from the attack amounting to $130 million.
Subscribe to ForkLog news on Facebook!
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!