CarderPlanet
Professional
A hacker stole $ 55 million in cryptocurrency from the bZx DeFi platform, which allows users to borrow and lend and speculate on fluctuations in cryptocurrencies.
According to bZx representatives, the platform developer received a phishing email containing a Word document with malicious macros disguised as a legitimate attachment. After opening a malicious attachment on the developer's computer, a script was launched that compromised the mnemonic phrase for accessing his cryptocurrency wallet.
The attacker emptied the developer's wallet and stole two private keys used to integrate the bZx platform with the Polygon and Binance Smart Chain (BSC) blockchains. Using these keys, the hacker stole bZx funds from Polygon and BSC, along with funds from a small number of users who approved unlimited spending transactions for both tokens in their accounts.
According to bZx representatives, the platform is currently still trying to establish the exact amount of the stolen funds. However, cybersecurity firm SlowMist estimates that it is in excess of $ 55 million.
In the aftermath of the incident, bZx disabled its site's user interface to block users from depositing new funds. In addition, the platform cooperates with various cryptocurrency exchanges in order to track down the attacker and freeze the funds stolen by them.
Among other things, bZx approached the hacker, inviting him to contact representatives of the platform and discuss the possibility of returning the stolen cryptocurrency for a reward.
bZx hopes to repeat the story of PolyNetwork, when a hacker recovered all of the $ 600 million stolen from the platform.
