Shezmu Retrieves Stolen Crypto Following Vault Exploit

Decentralized finance (DeFi) protocol Shezmu has recovered almost $5 million in stolen cryptocurrency after negotiating with a hacker.

Last Thursday, Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, alerted the crypto community to a security breach in one of Shezmu’s storage vaults. Shou confirmed that around $4.9 million in ShezmuUSD (ShezUSD) stablecoin had been stolen. It was initially unclear if the incident was a hack or a rug pull.

.@ShezmuTech has been hacked / rugged. ~$4.9M worth of $ShezUSD stolen.

One of their vaults used collateral that can be minted by anyone. With the free collateral, the attacker can borrow an arbitrary amount of $ShezUSD. pic.twitter.com/eR0bH5rTV2
— Chaofan Shou (@shoucccc) September 20, 2024

Shezmu acted quickly and reached out to the hacker via an on-chain message, offering a 10% bounty in exchange for the return of the funds. “We are requesting the return of 90% of the stolen funds within the next 24 hours,” Shezmu stated, warning that law enforcement would be involved if the hacker did not comply. The hacker responded by asking for a 20% bounty instead, stating, “Sure we can talk about the refund, but only considering 20% as bounty.”

Dear White Hat,

The Shezmu team is offering a 10% bounty of the exploited funds, provided that the remaining funds are returned within the next 24 hours. If the funds are not refunded within this time frame, we will escalate the matter through legal channels.…
— Shezmu (@ShezmuTech) September 20, 2024

Shezmu Agrees to Hacker’s Demands

After receiving the hacker’s response, Shezmu agreed to the 20% bounty, ensuring that no legal action would be taken if the funds were returned. Within hours, the hacker started to return the stolen assets, including 282.18 Ether (ETH) and 137 Wrapped Ether (WETH). The Shezmu team confirmed that the funds were being refunded and continued working on recovering the remaining assets.

Update: An additional 137 WETH was recovered from the shezUSD white hat and returned to the Shezmu Treasury!https://t.co/K2AnPkme9F

As we continue to recover the remaining funds, please do not interact with Oasis until further updates. Thank you for your continued support
— Shezmu (@ShezmuTech) September 21, 2024

“We have already received a substantial amount of the stolen funds,” Shezmu stated, confirming the ongoing recovery process. At the time of writing, some funds were still outstanding, and Shezmu urged investors to limit interactions with its Oasis vault until the situation was fully resolved.

Shezmu also revealed its full reimbursement plan for its users, including allocating airdrops to affected users.

Over the coming days, here’s what you can expect as part of our comprehensive recovery and reimbursement plan:

1. Snapshot of Impacted LPs:
A snapshot of all Beefy, Curve, Balancer, and Aura LPs holding ShezUSD and ShezETH paired assets will be taken to assess the impact and…
— Shezmu (@ShezmuTech) September 22, 2024

In comparison, Indian crypto exchange WazirX has made little progress in recovering $230 million in stolen funds 60 days after being hacked. WazirX has not officially admitted to the breach; instead, it blames its custodian, Liminal, for the loss. However, Liminal has refuted the claims, stating in a report, “An independent audit found no evidence that the cyberattack originated from Liminal’s systems.”

Shezmu’s quick negotiation led to a partial recovery, while WazirX continues to face challenges in tracking down its missing assets.

Lawrence does not hold any crypto asset. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.

Post Views: 313