DeFi bZx Losses $55M After its Developer’s Private Key Was Compromised In A Phishing Attack


Trading and lending platform bZx suffered an exploit of $55 million in yet another round of compromise.

The decentralized finance (DeFi) protocol reported on Friday that the private key controlling the project’s deployments on Polygon and Binance Smart Chain (BSC) was compromised, leading to the loss of funds. The Ethereum deployment, however, is not impacted and continues to function normally.

“The Ethereum contracts and treasury remains safe. Roughly 25% of this figure is personal losses from the team wallet that was compromised.”

As a precaution, bZx has temporarily disabled the UI on BSC and Polygon. If anyone has approved any tokens to the bZx contracts on Polygon or BSC, they are asked to revoke their approvals as soon as possible.

The bZx team noted that the decentralized autonomous organization (DAO) treasury has funds significantly above the impact of the incident, and they will have a community vote to use the funds from the treasury as a backstop to make victims whole.

Blockchain security firm SlowMist alerted that these funds were siphoned from the project and kept in seven separate addresses.

In its post mortem, the project noted that a bZx developer had his personal wallet’s private keys stolen in a phishing attack.

Because, unlike Ethereum, the BSC and Polygon implementation administrative private keys haven’t been transferred to the DAO yet, the hacker used the private key to gain access to the individual developer’s personal funds and the bZx deployment on BSC and Polygon.

The hacker then was able to upgrade the contract and attack the protocol and funds held within it.

Overall, the bZx developer was not the only one affected; lenders, borrowers, and yield farmers with funds on Polygon and BSC and those who had given unlimited approvals to those contracts.

In response, the token BZRX dropped about 21% to $0.378. As of writing, the $131 million market cap cryptocurrency is trading at $0.385.

However, this wasn’t the first time the project suffered an attack, as on three other occasions [1st hack, 2nd hack, 3rd hack], it was hacked. During the recent exploit in September 2020, the project lost over $8 million, but it claims to have “recovered” all of the funds.

“Any attack on crypto is bad for everyone. This is not about one project against another. It's about crypto in general against the rest of the world. Any failure goes to the expense of the entire crypto community. Let's stand together and show the world that we are capable of shaping the future.”

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide