An attacker's costly mistake left over $1 million in crypto behind, a rare blunder among online transaction breaches.
The attacker exploited a flaw in the way the protocol distributes rewards, creating extra tokens and then selling them, bringing the price down to zero but earning him or her just over $1 million.
Hacker Blunders Himself
Blockchain security and analytics firm BlockSec announced on Thursday, April 21st, that it had discovered an attack on Zeed, a lesser-known DeFi lending protocol that bills itself as a “decentralized financial integrated ecosystem.”
According to blockchain analytics firm PeckShield, the stolen crypto was immediately transferred to an “attack contract” – a smart contract that carries out the discovered exploit automatically and rapidly.
However, the attacker was apparently so pleased with the job that they forgot to remove $1 million in stolen cryptocurrency from their attack contract before setting it to self-destruct, ensuring that the money would be trapped.
The contract has a balance of $1,041,237.57 in BSC-USD Binance-Peg tokens that have been frozen in it since the attack. The contract's successful self-destruction was confirmed at 7:15 a.m. UTC on Apr. 21 by inspecting the attack contract address with a blockchain scanner.
This is not the first time that such an error has been made – in February of this year, an attacker left $300,000 behind in an Ethereum address after a successful heist – but it is by far the largest amount of money ever left behind in an attack.
It is also worth noting that, had the attacker remembered to remove the funds before setting the contract to self-destruct, they would have been able to walk away with over $1 million in cryptocurrency without a trace.
This highlights the importance of security in online transactions – even for those who are experienced in carrying out attacks.
Blockchain Exploits Continue
In contrast, other DeFi protocol hacks have resulted in hundreds of millions of dollars being stolen, including the recent Ronin bridge hack, which saw attackers steal over $600 million.
The Axie Infinity hack of 2022 also rattled the bones of blockchain supporters and P2E players after it was reported that the breacher stole around $200M. As an apology, the developers had to pay the users who were directly affected by this blunder. The developers have also issued a bug bounty of $1M to find out who stole the money and where they are located.
Even though web3 developers proudly state that blockchain is better and stronger than the current internet’s infrastructure, these incidents clearly show that nobody is yet safe from digital heists.
Cybersecurity organizations are still looking for ways to strengthen blockchain defenses so that even attackers with the most advanced tools cannot easily break into unaware users’ accounts.