Decentralized finance is one of the biggest and most important developments in recent years. People have the opportunity, independently of traditional financial institutions, to manage their assets themselves and, with the help of tokens, to send assets all over the world. But this independence also brings with it dangers that are unfortunately no longer a secret. Because there are always attacks in which investors lose the money they have saved.
bZx: DeFi on Ethereum, BSC and Polygon
As it became known yesterday, there has now been another major phishing scam in the DeFi sector, which is making headlines. The protocol called bZx, which offers decentralized finance via Ethereum, Binance Smart Chain and Polygon, was attacked on November 5th. As the team reports, more than $ 55 million was stolen. But it was not, as is often the case, a hacker attack. Because as the bZx team reports on Twitter, the private keys of a developer were stolen and thus gained access to the Wallest.
The attack affects BSC and Polygon, bZx on Ethereum was not affected by the attack, as it says on Twitter:
The incident today was NOT a protocol hack. It was a phishing attack on a bZx dev.
bZx on Ethereum is not compromised, only BSC + Polygon.
Our treasury is robust and our community will decide a compensation package.
Investigation ongoing. Read more👇https://t.co/uLIO8K9QDZ
- bZx - Fulcrum & Torque (on ETH / BSC / Polygon) (@bZxHQ) November5st
Why weren't any funds stolen on Ethereum? This is because the private keys for Ethereum are already securely stored via a DAO and are therefore completely decentralized. This was planned for Binance Smart Chain and Polygon, but has not yet been carried out.
Attack on wallets that did not have a spending limit
The attacker used the private key of the bZx developer on the funds that were invested via the Binance Smart Chain and Polygon. This is frightening, but unfortunately not uncommon and not a novelty in the crypto market. But what might be frightening for many is the fact that wallets were also attacked by investors who had not set a spending limit for the bZx application:
In the statement it says:
A limited number of users who had approved the unlimited spend had funds stolen from their wallet.
Therefore, special care must be taken as to which DeFi apps you give access to your wallet. And even if this is done, it is important to set a limit to prevent such incidents.
The full statement by the bZx team can be found here: https://bzx.network/blog/prelminary-post-mortem
In the crypto sector, however, not only tokens are stolen. The wallet manufacturer Ledger made headlines after over a million customer data was stolen:
Photo credit: pixabay.com