$55M Stolen from Crypto Company

$55M Stolen from Crypto Company

Cyber-criminals have siphoned an estimated $55m from decentralized finance (DeFi) lending protocol bZx.

The crypto company said that the theft occurred on Friday after one of its developers was taken in by a phishing attack and unwittingly gave up the details of some private keys. 

The phishing email was sent to the victim’s personal computer with a malicious macro in a Word document that was disguised as a legitimate email attachment.

“This attack granted the hacker access to the content of the bZx developer’s wallet, and also the private keys to the BSC and Polygon deployment of bZx Protocol,” said bZx.

“After gaining control of BSC and Polygon the hacker drained the BSC and Polygon protocol, then upgraded the contract to allow draining of all tokens that the contracts had given unlimited approval.”

In a tweet issued on November 5, bZx said: “The incident today was NOT a protocol hack. It was a phishing attack on a bZx dev.”

While an investigation into the attack is ongoing, a preliminary postmortem regarding the incident was issued by bZx earlier today.

“A bZx developer had his personal wallet’s private keys taken in a phishing attack. The phishing attack was similar to one that affected another user recently

Read More: https://www.infosecurity-magazine.com/news/55m-stolen-from-crypto-company/