A DeFi platform, bZx, lost over $55 Million to an email phishing scam

December 10, 2021
DeFi Platform bZx Email Phishing Scam Crypto Finance

bZx, decentralised finance (DeFi) platform, has recently suffered from a cyberattack upon losing $55 million worth of cryptocurrency assets to an email phishing scam. The DeFi platform lets its customers loan and venture on cryptocurrency price variations.

From a statement the platform has released hours after the incident, a developer from their company has received a phishing email to his computer device attached with a malicious macro from a Word document masquerading as a safe and legitimate attachment.

Moreover, the said email attachment has processed a script inside the developer’s computer and compromised its mnemonic wallet phrase. The hacker carried on by stealing all the assets stored in the personal wallet of the victim developer. They also robbed two private keys stored on the compromised computer used by the platform to integrate with Binance Smart Chain (BSC) and Polygon blockchains.

The stolen keys are exploited to steal the bZx’s BSC and Polygon funds, including the same funds owned by a few users who have approved unlimited spend operations for their two account tokens.

 

The DeFi platform said that the exact stolen amount from the phishing scam is still under investigation; however, as per a security analyst who examined the incident, the sum of the lost assets reached over $55 million.

 

The bZx website user interface was disabled by the platform following the attack, so users are prevented from depositing new funds until the issue gets fixed. The DeFi platform is also working with different crypto exchange platforms to help track the threat actors behind the phishing scam. They are also aiming to freeze and recover the stolen assets.

The DeFi platform has sent a message addressing the hackers directly, asking them to reach out and promising a bounty if they opt to return the stolen assets. According to them, the hackers might also return their assets like the previous hackers of PolyNetwork did after some diplomatic negotiations.

Among the largest cryptocurrency heists worldwide is the bZx DeFi platform, being listed at the fifth spot. The PolyNetwork incident tops the list with records of over $600 million worth of stolen assets. Second from the list is the Cream Finance platform, with more than $130 million lost assets to hackers. The third and fourth are the Liquid and EasyFi platforms who lost $94 million and $81 million, respectively.

About the author