Hacker breaches Zeed DeFi protocol but does not withdraw $1 million

An unknown attacker exploited a vulnerability in Zeed, the DeFi protocol on BNB Chain, but did not withdraw the funds worth $1 million.

1/ What if rewards can be tripled?

Our system detected an attack transaction(https://t.co/xk8Tet2o0Q) that exploited the reward distribution vulnerability in ZEED on #BSC.@zeedcommunity @defiprime

— BlockSec (@BlockSecTeam) April 21, 2022

The hacker released additional YEED tokens and sold them on the market. The token price crashed to zero.

#PeckShieldAlert #slippage $YEED dropped -100% https://t.co/HZ1UIAVQas @zeedcommunity pic.twitter.com/SZ89etc1t7

— PeckShieldAlert (@PeckShieldAlert) April 21, 2022

The attacker destroyed the smart contract used in the exploit. As a result, the assets were locked.

Interesting. The hacker kills the contract, but forgets to transfer the profit. https://t.co/HbS2fiztuc https://t.co/uApZyK8Uym pic.twitter.com/FwpZweNLHU

— PeckShield Inc. (@peckshield) April 21, 2022

“It is interesting that the attacker did not transfer the obtained tokens before self-destructing the contract. Probably he was too excited,” said BlockSec experts.

4/ interestingly, the attacker does not transfer the obtained tokens out before self-destructing the attack contract. Probably, he/she was too excited 🙂

— BlockSec (@BlockSecTeam) April 21, 2022

In the first quarter of 2022, crypto projects lost more than $1,22 млрд due to hacks and fraud.

Up to 99% of losses were linked to software exploits, including the year’s early Wormhole and Ronin breaches — at $319 млн and $625 млн respectively.