A Smaller but Comedic Exploit to Zeed - The Exploiter's Goof - News Brief
So this exploit is on the lower end of the value scale weighing in at only about $1 Million. But that ain't what makes this one news my friends. What makes it news is the comedic blunder occasioned by the exploiter as he/she reached the finish line of the nefarious act.
Around 08:00 UTC today (Thursday, April 21, 2022), BlockSec, a blockchain security and analytics concern, reported detection of an attack on Zeed (a DeFi Lending Platform). "The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens which were then sold, crashing the price to zero, but netting just over $1 million for the exploiter" [Coghlan, J. Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct. (Accessed April 21, 2022)].
Ok, so crashing a token's value to zero and stealing $1 Million is not funny...but
For some unknown reason (although one could suspect it was excitement driven resulting from the unexpected success of the evil deed), the exploiter failed to transfer the ill-gotten funds from their attack smart contract before they set the contract to self-destruct. By setting an attack contract to self destruct ensures that the subject funds can never be moved. OOPs!!!!
Using a blockchain scanner to view the attack contract address shows that $1,041,237.57 worth of BSC-USD Binance-Peg token is forever stuck in the contract and the successful self-destruction of the contract was confirmed at 7:15AM UTC on April 21.
[Id].
Posted Using LeoFinance Beta
