The crypto world was thrown into disarray after a hacker who successfully exploited a flaw in DeFi lending protocol Zeed appeared to have forgotten to withdraw over $1 million in loot.
Blockchain security platform PeckShield reported the Zeed community exploit, and apparently the exploit is tied to the vulnerability in the protocol’s reward distribution system.
This system allowed platform lenders to receive additional crypto token rewards, and the hacker exploited it to mint additional tokens within Zeed. The hacker profited over $1M in Binance-Peg (BSC-USD) tokens, with the whole situation lowering the platform’s token price to 0.
Following the exploit, the hacker moved all of the stolen tokens to a smart contract that had been predetermined. This type of contract is referred to as an ‘attack contract’ in crypto theft jargon.
The hacker, on the other hand, appears to have called the “self-destruct” function for the smart contract before removing the loot from it. The successful self-destruction of the contract was confirmed at 7:15 am UTC on Thursday.
While deleting the smart contract was intended to hide the trace of the exploit, the hacker While the hacker’s intention was to hide the exploit’s trace by erasing the smart contract before conducting the withdrawal, the hacker effectively lost the entire prize permanently.
Smart contracts can be programmed to withdraw funds to a wallet and then self-destruct to erase all traces of the contract’s code, making it easier for hackers to bury their trails.
The hacker seems to have terminated the chain on the contract in this case without instructing a withdrawal of the looted tokens, which PeckShield verified is now eternally lost.
According to numerous sources, the majority of the DeFi hacks, which have totaled millions of dollars in the last year, are caused by flaws in the platforms’ coding. This month itself apart from the Zeed exploit, Ola Finance and Beanstalk Farms got exploited by hackers due to vulnerabilities in their programming.