Hackers hit bZx DeFi platform, stealing millions of dollars of crypto


A phishing attack has led to a hacker getting their hands on cryptocurrency estimated to be worth about $55 million.

The spear-phishing attack on an employee of decentralized finance (DeFi) platform bZx, which allows users to borrow, loan, and speculate on cryptocurrency price variations, gave attackers two private keys that were used by the platform for its integration with the Polygon and Binance Smart Chain (BSC) blockchains.

“After gaining control of BSC and Polygon the hacker drained the BSC and Polygon protocol, then upgraded the contract to allow draining of all tokens that the contracts had given unlimited approval,” noted the platform in its initial investigation into the incident.


bZx has yet to comment on the amount of funds stolen. Reporting on the incident, blockchain security firm SlowMist estimates the figure will be north of $55 million, based on the malicious transactions it has detected.

Million-dollar heist

According to the platform, it appears a bZx developer was sent a phishing email with a malicious macro in a Microsoft Word document, disguised as a legitimate email attachment. The tainted attachment ran a script that gave the attackers the mnemonic phrase for the developer’s personal cryptocurrency wallet.

The attack then escalated once the hackers got hold of the two private keys. In addition to the developer’s funds, the attack has also impacted lenders, borrowers, and farmers with funds on Polygon and BSC, and those who had given unlimited approvals to those contracts.

As the platform works to gather the specific list of wallets that were affected, it has disabled the ability to deposit new funds. bZx also said that it is working with various cryptocurrency exchanges to “track the attacker, and freeze, and potentially recover the stolen funds.”
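The exposure from unlimited approvals can be enumerated from ERC-20 `Approval` event logs. The following is an added example, not bZx's or SlowMist's tooling: it replays logs in chain order and reports owners whose latest approval to a watched spender is still unlimited. All addresses and log entries are constructed for illustration.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1  # the value wallets send for an "unlimited" approval

def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def exposed_owners(logs, watched_spenders):
    """Return sorted (token, owner, spender) tuples whose latest approval is unlimited."""
    watched = {s.lower() for s in watched_spenders}
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares this topic hash but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        if spender not in watched:
            continue
        # A later approval (including a revocation to 0) overwrites the earlier one.
        latest[(log["address"].lower(), owner, spender)] = int(log["data"], 16)
    return sorted(k for k, v in latest.items() if v == MAX_UINT256)

# --- Constructed sample data (placeholder addresses, not real contracts) ---
TOKEN, SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
ALICE, BOB, CAROL = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20

def pad(addr):
    return "0x" + "00" * 12 + addr[2:]

def approval(block, idx, owner, spender, amount):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    approval(105, 0, BOB, SPENDER, 0),              # Bob revokes (listed out of order)
    approval(100, 0, ALICE, SPENDER, MAX_UINT256),  # Alice: unlimited, never revoked
    approval(101, 2, BOB, SPENDER, MAX_UINT256),    # Bob: unlimited, revoked later
    approval(102, 1, CAROL, SPENDER, 1000),         # Carol: finite allowance
    approval(103, 0, ALICE, OTHER, MAX_UINT256),    # unlimited, but to an unwatched spender
]

if __name__ == "__main__":
    for token, owner, spender in exposed_owners(SAMPLE_LOGS, [SPENDER]):
        print(f"{owner} still has an unlimited approval on {token} for {spender}")
```

Logs give a candidate list only; the token contract's `allowance(owner, spender)` view is the authoritative value before notifying users or asking them to revoke.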

In addition, the platform has also put out a message requesting the attacker to return the funds in return for a bounty, in the same vein as the PolyNetwork incident, which saw the hacker return all $600 million worth of stolen cryptocurrency.


Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
