{"id":435455,"date":"2022-04-22T03:49:18","date_gmt":"2022-04-22T00:49:18","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/hacker-bungles-defi-exploit-leaves-stolen-1m-in-contract-set-to-self-destruct\/"},"modified":"2022-04-22T03:49:18","modified_gmt":"2022-04-22T00:49:18","slug":"hacker-bungles-defi-exploit-leaves-stolen-1m-in-contract-set-to-self-destruct","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hacker-bungles-defi-exploit-leaves-stolen-1m-in-contract-set-to-self-destruct\/","title":{"rendered":"# Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Hacker_bungles_DeFi_exploit_Leaves_stolen_1M_in_contract_set_to_self_destruct_%E2%80%9C\"><\/span>&#8221; Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDQvZTViZTcyNzYtMTllOS00ZDQ5LTlmYjAtMjk2OTUzZDgzM2YzLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-2a0745c6><p>In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line, leaving behind over $1 million in stolen crypto.<\/p>\n<p>Just after 8AM UTC on Thursday April 21st, blockchain security and analytics firm BlockSec <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/BlockSecTeam\/status\/1517052623354232832\">shared<\/a> that it had detected an attack on a little-known DeFi lending protocol called Zeed, which styles itself a \u201cdecentralized financial integrated ecosystem\u201d.<\/p>\n<p>The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens, which were then sold, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1517059481372626946\">crashing<\/a> the price to zero but netting just over $1 million for the exploiter.<\/p>\n<p>Blockchain analytics firm PeckShield noted the stolen 
crypto was transferred to an \u201cattack contract\u201d, a smart contract that automatically and quickly executes the exploit once it has been found.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&amp;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> It appears that <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/zeedcommunity?ref_src=twsrc%5Etfw\">@zeedcommunity<\/a> suffered an exploit. The exploiter gained ~$1m. The gains currently sit in the attack contract. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/bSHHGM623Q\">https:\/\/t.co\/bSHHGM623Q<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/peckshield?ref_src=twsrc%5Etfw\">@peckshield<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/jXVj0oGI8B\">https:\/\/t.co\/jXVj0oGI8B<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1517062566232879105?ref_src=twsrc%5Etfw\">April 21, 2022<\/a><\/p><\/blockquote>\n<p>However, the attacker was apparently so excited by their successful heist that they forgot to transfer over $1 million worth of stolen crypto out of their attack contract before they set it to self-destruct, permanently and irreversibly ensuring the funds can never be moved.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Interesting. The hacker kills the contract, but forgets to transfer the profit. 
<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/HbS2fiztuc\">https:\/\/t.co\/HbS2fiztuc<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/uApZyK8Uym\">https:\/\/t.co\/uApZyK8Uym<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/FwpZweNLHU\">pic.twitter.com\/FwpZweNLHU<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/peckshield\/status\/1517068883370250241?ref_src=twsrc%5Etfw\">April 21, 2022<\/a><\/p><\/blockquote>\n<p>Using a blockchain scanner to view the attack contract <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bscscan.com\/address\/0x05e55d051ac0a5fb744e71704a8fa4ee3b103374#tokentxns\">address<\/a> shows that $1,041,237.57 worth of BSC-USD Binance-Peg token is forever stuck in the contract, and that the successful self-destruction of the contract was confirmed at 7:15AM UTC on April 21.<\/p>\n<p>It&#8217;s one of the more bizarre turns of events since the Polygon hacker did an \u201cAsk Me Anything\u201d using embedded messages on Ethereum (ETH) transactions after stealing $612 million from the protocol in August 2021. 
The question and answer session revealed the attacker hacked \u201cfor fun\u201d and thought \u201ccross-chain hacking is hot.\u201d<\/p>\n<p>This latest hack is on the smaller end in terms of the amount stolen; other DeFi protocol hacks have seen hundreds of millions siphoned off, as with the recent Ronin bridge hack, where attackers made off with over $600 million.<\/p>\n<p>Other notable DeFi exploits include the $80 million worth of crypto stolen from Qubit Finance in January, where attackers tricked the protocol into believing they had deposited collateral, allowing them to mint an asset representing a bridged crypto.<\/p>\n<p>DeFi marketplace Deus Finance was exploited in March when hackers manipulated the price feed of a pair of stablecoins, resulting in the insolvency of user funds and netting the hackers over $3 million.\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/hacker-bungles-defi-exploit-leaves-stolen-1m-in-contract-set-to-self-destruct\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct &#8220; In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto. Just after 8AM UTC on Thursday April 21st, blockchain security and analytics firm BlockSec&#8230;<\/p>\n","protected":false},"author":1,"featured_media":435456,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDQvZTViZTcyNzYtMTllOS00ZDQ5LTlmYjAtMjk2OTUzZDgzM2YzLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[97532,74868,74882,77595,75434,90498,70944,72287],"class_list":["post-435455","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-bsc","tag-defi","tag-hacks","tag-lending","tag-smart-contracts","tag-smartcontracts","tag-hackers","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/435455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=435455"}],"version-history":[{"count":0,"href":"ht
tps:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/435455\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/435456"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=435455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=435455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=435455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}