A hacker messes up a Defi attack, resulting in the theft of $1 million from a contract that is meant to self-destruct
A hacker evidently overjoyed with a successful robbery put over $1 million in a smart contract that was programmed to self-destruct, assuring the cryptocurrency could never be transferred.
In a rare instance of hilarious mishap among Defi attacks, an attacker botches their robbery at the finish line, leaving behind over $1 million in stolen cryptocurrency.
On Thursday, April 21st, just after 8 a.m. UTC, blockchain security and analytics company BlockSec said it had identified an assault on Zeed, a little-known Defi lending protocol that bills itself as a “decentralised financial integrated ecosystem.”
The attacker took advantage of a flaw in the way the protocol distributes rewards, enabling them to issue more tokens that were subsequently sold, crashing the price to zero but earning the exploiter just over $1 million.
PeckShield, a blockchain analytics business, stated that the stolen cryptocurrency was moved to an “attack contract,” a smart contract that executes the discovered vulnerability automatically and swiftly.
However, the attacker was allegedly so ecstatic about the successful robbery that they neglected to transfer over $1 million in stolen cryptocurrency out of their attack contract before setting it to self-destruct, permanently and irrevocably assuring the cash cannot be transferred.
Viewing the attack contract address with a blockchain scanner reveals that $1,041,237.57 worth of BSC-USD Binance-Peg currency is permanently locked in the contract, and the contract’s successful self-destruction was certified at 7:15 AM UTC on April 21.
It’s one of the most unusual developments since the Polygon hacker used embedded messages in Ethereum(ETH) transactions to conduct a “Ask Me Anything” after stealing $612 million from the system in August 2021. During the question and answer session, it was revealed that the attacker attacked “for pleasure” and believed “cross-chain hacking was hot.”
This current theft is relatively minor in terms of the money lost, although previous Defi protocol attacks have resulted in hundreds of millions being syphoned off, as was the case with the recent Ronin bridge hack, in which attackers took over $600 million.
Other major Defi breaches include the theft of $80 million in cryptocurrency from Qubit Finance in January, when attackers fooled the protocol into thinking they had placed collateral, enabling them to create an asset representing bridging crypto.
In March, hackers abused the Defi marketplace Deus Finance by manipulating the price feed of a pair of stablecoins, resulting in the bankruptcy of user money and earning the hackers almost $3 million.
Also Read: Binance reverses its stance on the ban on Russian traders