Lawrence Damilola
Decentralized finance (DeFi) protocol Shezmu has recovered almost $5 million in stolen cryptocurrency after negotiating with a hacker.
Last Thursday, Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, alerted the crypto community to a security breach in one of Shezmuβs storage vaults. Shou confirmed that around $4.9 million in ShezmuUSD (ShezUSD) stablecoin had been stolen. It was initially unclear if the incident was a hack or a rug pull.
.@ShezmuTech has been hacked / rugged. ~$4.9M worth of $ShezUSD stolen.
— Chaofan Shou (@shoucccc) September 20, 2024
One of their vaults used collateral that can be minted by anyone. With the free collateral, the attacker can borrow an arbitrary amount of $ShezUSD. pic.twitter.com/eR0bH5rTV2
Shezmu acted quickly and reached out to the hacker via an on-chain message, offering a 10% bounty in exchange for the return of the funds. “We are requesting the return of 90% of the stolen funds within the next 24 hours,” Shezmu stated, warning that law enforcement would be involved if the hacker did not comply. The hacker responded by asking for a 20% bounty instead, stating, βSure we can talk about the refund, but only considering 20% as bounty.β
Dear White Hat,
The Shezmu team is offering a 10% bounty of the exploited funds, provided that the remaining funds are returned within the next 24 hours. If the funds are not refunded within this time frame, we will escalate the matter through legal channels.β¦Related: Shytoshi Kusama Schedules New Livestream Following Inaugural Broadcast
— Shezmu (@ShezmuTech) September 20, 2024
Shezmu Agrees to Hackerβs Demands
After receiving the hackerβs response, Shezmu agreed to the 20% bounty, ensuring that no legal action would be taken if the funds were returned. Within hours, the hacker started to return the stolen assets, including 282.18 Ether (ETH) and 137 Wrapped Ether (WETH). The Shezmu team confirmed that the funds were being refunded and continued working on recovering the remaining assets.
Update: An additional 137 WETH was recovered from the shezUSD white hat and returned to the Shezmu Treasury!https://t.co/K2AnPkme9F
— Shezmu (@ShezmuTech) September 21, 2024
As we continue to recover the remaining funds, please do not interact with Oasis until further updates. Thank you for your continued support
βWe have already received a substantial amount of the stolen funds,β Shezmu stated, confirming the ongoing recovery process. At the time of writing, some funds were still outstanding, and Shezmu urged investors to limit interactions with its Oasis vault until the situation was fully resolved.
Shezmu also revealed its full reimbursement plan for its users, including allocating airdrops to affected users.
Related: What Now Shibarium? Buterin Rips Up L2s, Calls For a ‘New Path’ Beyond Lazy Chains
Over the coming days, hereβs what you can expect as part of our comprehensive recovery and reimbursement plan:
— Shezmu (@ShezmuTech) September 22, 2024
1. Snapshot of Impacted LPs:
A snapshot of all Beefy, Curve, Balancer, and Aura LPs holding ShezUSD and ShezETH paired assets will be taken to assess the impact andβ¦
In comparison, Indian crypto exchange WazirX has made little progress in recovering $230 million in stolen funds 60 days after being hacked. WazirX has not officially admitted to the breach; instead, it blames its custodian, Liminal, for the loss. However, Liminal has refuted the claims, stating in a report, βAn independent audit found no evidence that the cyberattack originated from Liminalβs systems.β
Shezmuβs quick negotiation led to a partial recovery, while WazirX continues to face challenges in tracking down its missing assets.
Read More
- BingX Exchange Suffers $26 Million Hack, Suspends Withdrawals
- Another Security Breach: Decentraland X Account Compromised
- Indiaβs WazirX Exchange Breached, Hacker Siphons Off $230M in Crypto
LAWRENCE
Lawrence is a cryptocurrency journalist covering blockchain developments and digital assets.
