Highlights:
- Crypto lender Shezmu successfully recovered nearly $5 million in assets after a recent hacking breach.
- The team gave the attacker 24 hours to return the stolen funds and offered a 10% bounty reward.
- In negotiations, the hacker persuaded Shezmu to increase the bounty to 20%.
Crypto lender Shezmu successfully recovered nearly $5 million in digital assets just hours after a hacking incident. On Sept. 21, Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, warned that Shezmu’s storage vault had been compromised. It’s unclear whether the incident was intentional or a genuine hack. However, Shou confirmed that about $4.9 million in cryptocurrency was stolen.
Advertisement
.@ShezmuTech has been hacked / rugged. ~$4.9M worth of $ShezUSD stolen.
One of their vaults used collateral that can be minted by anyone. With the free collateral, the attacker can borrow an arbitrary amount of $ShezUSD. pic.twitter.com/eR0bH5rTV2
— Chaofan Shou (@shoucccc) September 20, 2024
Hacker Persuades Shezmu to Increase Bounty to 20%
Shezmu later confirmed that its ShezmuUSD (ShezUSD) stablecoin vault was attacked and urged the hacker to return the funds in exchange for a bounty without legal consequences. The team gave the attacker 24 hours to return the funds with a 10% bounty and warned that failure to meet the deadline would result in legal action.
After an on-chain discussion with the hacker, the team recovered 80% of the stolen funds into its treasury. They reminded the hacker that his wallet was linked to a KYC exchange, stating that returning the funds would classify the incident as a white-hat hack. The caution appeared to motivate the hacker, who replied hours later and demanded a 20 % bounty, which Shezmu accepted.
Within hours, Shezmu started receiving the stolen Dai (DAI) in its wallet. The hacker initially returned 282.18 Ether (ETH) to the protocol, followed by an additional refund of 137 Wrapped Ether (WETH). However, not all funds had been recovered at the time of writing. The Shezmu team advised investors to avoid interacting with the protocol’s Oasis vault until more updates are available.
Update: An additional 137 WETH was recovered from the shezUSD white hat and returned to the Shezmu Treasury!https://t.co/K2AnPkme9F
As we continue to recover the remaining funds, please do not interact with Oasis until further updates. Thank you for your continued support
— Shezmu (@ShezmuTech) September 21, 2024
Meanwhile, Web3 security firm Ancilia, Inc. reported that Shezmu’s ShezETH token had been attacked, potentially due to a key leak. This incident led to the unauthorized minting of 9,900 ShezETH tokens, which were subsequently traded for 332 ETH, totaling approximately $880,000. ShezmuUSD was also compromised, possibly linked to the same key leak, although details about this remain uncertain.
Recent Hacks Raise Concerns About Crypto Security and Regulatory Effectiveness
On September 20, 2024, the Singapore-based BingX cryptocurrency exchange became the third major Asian exchange this year to suffer a cyberattack, with hackers stealing over $52 million from its hot wallets. This incident, following similar breaches at Indodax and WazirX, has raised renewed concerns about the effectiveness of regulatory frameworks in ensuring robust cybersecurity within the crypto sector.
WazirX has not tracked its $235 million in stolen funds 60 days after the hack. The exchange has not acknowledged the breach and continues to blame its custodian, Liminal, for the loss of the funds. In response, Liminal announced on September 9 that it underwent an independent audit by multinational professional services firm Grant Thornton, refuting WazirX’s claims.
Most recently, WazirX faced legal threats from its customers, including a significant challenge from rival Indian crypto exchange CoinSwitch. CoinSwitch initiated legal action against WazirX to recover 2% of its funds, totaling around $6.2 million.
Advertisement
