Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct

In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto.

Just after 8AM UTC on Thursday April 21st, blockchain security and analytics firm BlockSec shared it had detected an attack on a little known DeFi lending protocol called Zeed, which styles itself a “decentralized financial integrated ecosystem”.

The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens which were then sold, crashing the price to zero, but netting just over $1 million for the exploiter.

Blockchain analytics firm PeckShield noted the stolen crypto was transferred to an “attack contract”, a smart contract which automatically and quickly executes the found exploit.

However the attacker was apparently so excited by their successful heist that they forgot to transfer over $1 million worth of stolen crypto out of their attack contract before they set it to self-destruct, permanently and irreversibly ensuring the funds can never be moved.

Using a blockchain scanner to view the attack contract address shows that $1,041,237.57 worth of BSC-USD Binance-Peg token is forever stuck in the contract and the successful self-destruction of the contract was confirmed at 7:15AM UTC on April 21.

Related: Truth or fiction? Popular former hacker claims to have $7B in BTC

It’s one of the more bizarre turns of events since the Polygon hacker did an “Ask Me Anything” using embedded messages on Ethereum(ETH) transactions after stealing $612 million from the protocol in August 2021. The question and answer session revealed the attacker hacked “for fun” and thought “cross-chain hacking is hot.”

This latest hack is on the smaller end regarding the amount stolen, and other DeFi protocol hacks have seen hundreds of millions siphoned off as with the recent Ronin bridge hack where attackers made off with over $600 million.

Other notable DeFi exploits include the $80 million worth of crypto stolen from Qubit Finance in January where attackers tricked the protocol into believing they had deposited collateral, allowing them to mint an asset representing a bridged crypto.

DeFi marketplace Deus Finance was exploited in March when hackers manipulated the price feed of a pair of stablecoins resulting in the insolvency of user funds, netting the hackers over $3 million.

All Dutch and English crypto news!

Bitcoin shows ‘signs of exhaustion’ as Q1 BTC price gains near 70%

While there are reasons to be "very bullish" on Q2, the sheer speed of the Bitcoin and crypto bull market may be cause for concern,...

Binance entity HKVAEX withdraws Hong Kong license application post-deadline

The SFC website confirms that HKVAEX withdrew its license application nearly three months after the filing on Jan. 4, 2024. News Own this piece of crypto history Collect...

Bitcoin to attract $1T from institutions amid ‘raging bull market’ — Bitwise exec

Bitwise’s Matthew Hougan said the best advice he could give traders is to “keep calm and take the long view.” News Own this piece of crypto history Collect...

Investeringslegende: ‘Bitcoin koers kan met 110% stijgen’

Mark Yusko, de mede-oprichter en CEO van Morgan Creek Capital, verwacht dat Bitcoin binnen nu en een paar maanden voorbij het niveau van 100.000 dollar...

Beste exchanges

Koop je crypto bij Bitvavo