The hacker behind a recent DeFi exploit appears to have forgotten to transfer the stolen funds out of the attack contract.
What Happened: DeFi lending protocol Zeed YEED/USD was the victim of the latest exploit where bad actors managed to extract funds from the protocol by exploiting a vulnerability in the code.
The exploit resulted in the price of YEED crashing to zero and the hacker gaining $1 million in profit.
#PeckShieldAlert It appears that @zeedcommunity suffered an exploit. The exploiter gained ~$1m. The gains currently sit in the attack contract. https://t.co/bSHHGM623Q @peckshield https://t.co/jXVj0oGI8B
— PeckShieldAlert (@PeckShieldAlert) April 21, 2022
Blockchain security firm PeckShield pointed out the attacker had not transferred the funds out of the attack contract before calling the “self-destruct” function. Essentially, this means that the stolen cryptocurrency is permanently and irreversibly stuck in the attack contract.
Interesting. The hacker kills the contract, but forgets to transfer the profit. https://t.co/HbS2fiztuc https://t.co/uApZyK8Uym pic.twitter.com/FwpZweNLHU
— PeckShield Inc. (@peckshield) April 21, 2022
See Also: A Person Behind $611M DeFi Hack Reveals Their Identity In Careless Mistake
What Else: DeFi exploits are a somewhat common occurrence in the crypto space. Earlier this week, Ethereum ETH/USD based DeFi protocol Beanstalk Farms saw $182 million worth of funds drained from its platform.
The attackers executed a flash loan exploit and made a profit of $80 million. The majority of stolen funds were sent to be laundered through coin mixing tool Tornado Cash TORN/USD, while $250,000 was sent to Ukraine’s crypto donation wallet address.
Read Next: BEST DEFI YIELD FARMS
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.