- DeFi platform WDZD Swap has lost over $1 million to an exploiter known as Fake_Phishing 750 on BSCScan
- The attacker drained 609 ETH bridged to BNB Smart Chain (BSC) in 10 transactions
- The exploiter is also responsible for siphoning funds from another DeFi platform known as Swap X
DeFi platform WDZD Swap has lost over $1 million to an exploiter known as Fake_Phishing on BSCScan, who is also responsible for siphoning funds from another DeFi platform known as Swap X. According to blockchain security firm CertiK, the attacker drained 609 ETH bridged to BNB Smart Chain (BSC) from the platform and transferred the funds in 10 transactions. However, although the platform claims to be a BSC-powered DeFi protocol, CertiK was unable to unearth all of its inner workings and was therefore unable to comprehensively document how the exploit happened.
IDO Funds Deposited to a Liquidity Pool
According to CertiK, the DeFi platform conducted an IDO (initial DEX offering), which may have put the project under the management of users. However, funds collected during the IDO were channeled to a liquidity pool at a Swap LP address on BSC.
The malicious actor created another contract, which they used to drain funds from the Swap LP contract. Due to a lack of sufficient information on how the platform works, the security firm noted that the attacker may have swapped the protocol’s WDZD tokens for LP tokens, which they later converted to ETH.
DeFi Protocols Should Obey the Law
The exploit comes in the wake of growing concerns from regulators like the U.S. Treasury, who want tighter controls on DeFi protocols. Other players like the U.S. Department of Justice (DOJ) have formed a new outfit mandated to make DeFi platforms obey the law.
With some hackers agreeing to return part of the stolen funds, it’s unclear whether WDZD will reach out to the attacker or engage security agencies like the FBI in an attempt to recover the funds.
A malicious actor may have recently stolen more than $1 million worth of cryptocurrency from the WDZD Swap protocol, an Ethereum-based decentralized trading platform.
The WDZD Swap protocol allows traders to swap Ethereum tokens for stablecoins without having to trust a third party. However, on July 29, 2020, it was discovered that the Ethereum smart contract behind WDZD Swap had a serious vulnerability that allowed attackers to drain the protocol of funds.
The bug exploited a loophole in the protocol’s code that allowed the attackers to mint ERC-20 tokens by sending a simple transaction to the address of the smart contract. As a result, they were able to siphon off funds from the protocol without authorization.
The exact amount stolen is yet to be determined, but the WDZD team estimates that it could be as high as $1 million worth of Ethereum-based tokens.
The WDZD Swap protocol has been taken offline while the team investigates the breach and attempts to fix the loophole that allowed the exploit. In the meantime, the team has issued an alert and is encouraging all users to move their tokens to safe wallets to ensure their funds are secure.
The WDZD team is also working with relevant authorities to trace the breach and identify the perpetrator. However, as of yet there has been no definitive news on who was responsible for the exploit or the whereabouts of the stolen funds.
Given the severity of this one-time breach, the WDZD team is putting in extra measures to patch the vulnerability and make sure this doesn’t happen again. In the meantime, users are strongly advised to exercise caution when dealing with decentralized protocols and to take extra care when it comes to the security of their funds.