- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- Change these 10 iOS settings right now to instantly get better iPhone battery life
- How to clear the cache on your Windows 11 PC (and why you shouldn't wait to do it)
- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
$55M Stolen from Crypto Company
Cyber-criminals have siphoned an estimated $55m from decentralized finance (DeFi) lending protocol bZx.
The crypto company said that the theft occurred on Friday after one of its developers was taken in by a phishing attack and unwittingly gave up the details of some private keys.
The phishing email was sent to the victim’s personal computer with a malicious macro in a Word document that was disguised as a legitimate email attachment.
“This attack granted the hacker access to the content of the bZx developer’s wallet, and also the private keys to the BSC and Polygon deployment of bZx Protocol,” said bZx.
“After gaining control of BSC and Polygon the hacker drained the BSC and Polygon protocol, then upgraded the contract to allow draining of all tokens that the contracts had given unlimited approval.”
In a tweet issued on November 5, bZx said: “The incident today was NOT a protocol hack. It was a phishing attack on a bZx dev.”
While an investigation into the attack is ongoing, a preliminary postmortem regarding the incident was issued by bZx earlier today.
“A bZx developer had his personal wallet’s private keys taken in a phishing attack. The phishing attack was similar to one that affected another user recently named ‘mgnr.io’,” said bZx in the postmortem.
The company said its initial investigation had determined that the Ethereum deployment of bZx protocol is safe and that the Ethereum bZx protocol itself wasn’t exploited.
“Since bZx Protocol on Ethereum is governed by a DAO, the Ethereum implementation was not affected. Ethereum Governance is also unaffected,” said the company.
The company said that it is still gathering data on the specific wallets that were affected by the attack. However, it confirmed that the incident has affected the bZx developer and lenders, borrowers, and farmers with funds on Polygon and BSC, plus individuals who had given unlimited approvals to those contracts.
All funds contained in the wallet of the phished developer were drained. Funds were also removed from the BSC and Polygon implementation of the protocol.
The company said that its “treasury is robust” and that its “community will decide a compensation package.”
