{"id":60476,"date":"2022-04-22T10:36:18","date_gmt":"2022-04-22T07:36:18","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=60476"},"modified":"2025-09-05T03:30:32","modified_gmt":"2025-09-05T00:30:32","slug":"hacker-breaches-zeed-defi-protocol-but-does-not-withdraw-1-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-breaches-zeed-defi-protocol-but-does-not-withdraw-1-million\/","title":{"rendered":"Hacker breaches Zeed DeFi protocol but does not withdraw $1 million"},"content":{"rendered":"<p>An unknown attacker exploited a vulnerability in Zeed, the DeFi protocol on BNB Chain, but did not withdraw the funds worth $1 million.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">1\/ What if rewards can be tripled?<\/p>\n<p>Our system detected an attack transaction(<a href=\\\"https:\/\/t.co\/xk8Tet2o0Q\\\">https:\/\/t.co\/xk8Tet2o0Q<\/a>) that exploited the reward distribution vulnerability in ZEED on <a href=\\\"https:\/\/twitter.com\/hashtag\/BSC?src=hash&#038;ref_src=twsrc%5Etfw\\\">#BSC<\/a>.<a href=\\\"https:\/\/twitter.com\/zeedcommunity?ref_src=twsrc%5Etfw\\\">@zeedcommunity<\/a> <a href=\\\"https:\/\/twitter.com\/defiprime?ref_src=twsrc%5Etfw\\\">@defiprime<\/a><\/p>\n<p>\u2014 BlockSec (@BlockSecTeam) <a href=\\\"https:\/\/twitter.com\/BlockSecTeam\/status\/1517052623354232832?ref_src=twsrc%5Etfw\\\">April 21, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>The hacker released additional YEED tokens and sold them on the market. The token price crashed to zero.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\"><a href=\\\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\\\">#PeckShieldAlert<\/a> <a href=\\\"https:\/\/twitter.com\/hashtag\/slippage?src=hash&#038;ref_src=twsrc%5Etfw\\\">#slippage<\/a> <a href=\\\"https:\/\/twitter.com\/search?q=%24YEED&#038;src=ctag&#038;ref_src=twsrc%5Etfw\\\">$YEED<\/a> dropped -100% <a href=\\\"https:\/\/t.co\/HZ1UIAVQas\\\">https:\/\/t.co\/HZ1UIAVQas<\/a> <a href=\\\"https:\/\/twitter.com\/zeedcommunity?ref_src=twsrc%5Etfw\\\">@zeedcommunity<\/a> <a href=\\\"https:\/\/t.co\/SZ89etc1t7\\\">pic.twitter.com\/SZ89etc1t7<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\\\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1517059481372626946?ref_src=twsrc%5Etfw\\\">April 21, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>The attacker destroyed the smart contract used in the exploit. As a result, the assets were locked.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">Interesting. The hacker kills the contract, but forgets to transfer the profit. <a href=\\\"https:\/\/t.co\/HbS2fiztuc\\\">https:\/\/t.co\/HbS2fiztuc<\/a> <a href=\\\"https:\/\/t.co\/uApZyK8Uym\\\">https:\/\/t.co\/uApZyK8Uym<\/a> <a href=\\\"https:\/\/t.co\/FwpZweNLHU\\\">pic.twitter.com\/FwpZweNLHU<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\\\"https:\/\/twitter.com\/peckshield\/status\/1517068883370250241?ref_src=twsrc%5Etfw\\\">April 21, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u201cIt is interesting that the attacker did not transfer the obtained tokens before self-destructing the contract. Probably he was too excited,\u201d said BlockSec experts.<\/p>\n<\/blockquote>\n<blockquote class=\\\"twitter-tweet\\\" data-conversation=\\\"none\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">4\/ interestingly, the attacker does not transfer the obtained tokens out before self-destructing the attack contract. Probably, he\/she was too excited \ud83d\ude42<\/p>\n<p>\u2014 BlockSec (@BlockSecTeam) <a href=\\\"https:\/\/twitter.com\/BlockSecTeam\/status\/1517052643075850241?ref_src=twsrc%5Etfw\\\">April 21, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>In the first quarter of 2022, crypto projects lost more than <a href=\"https:\/\/forklog.com\/en\/news\/crypto-industry-losses-from-hacks-reach-1-22-billion-so-far-this-year\">$1,22 \u043c\u043b\u0440\u0434<\/a> due to hacks and fraud.<\/p>\n<p>Up to 99% of losses were linked to software exploits, including the year&#8217;s early Wormhole and Ronin breaches \u2014 at <a href=\"https:\/\/forklog.com\/en\/news\/hackers-drain-more-than-319-million-from-wormhole-cross-chain-bridge-pool\">$319 \u043c\u043b\u043d<\/a> and <a href=\"https:\/\/forklog.com\/en\/news\/ronin-the-ethereum-sidechain-hacked-attacker-siphons-625-million\">$625 \u043c\u043b\u043d<\/a> respectively.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unknown attacker exploited a vulnerability in Zeed, the DeFi protocol on BNB Chain, but did not withdraw funds worth $1 million.<\/p>\n","protected":false},"author":1,"featured_media":60477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-60476","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"32","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/60476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=60476"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/60476\/revisions"}],"predecessor-version":[{"id":60478,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/60476\/revisions\/60478"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/60477"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=60476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=60476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=60476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}