Shezmu Hack Unveiled: How $5M Was Stolen and Partially Recovered
Shezmu, a DeFi protocol, was recently exploited for about $5 million through a vulnerability in its vault contracts. The team then opened negotiations with the attacker and recovered the larger part of the stolen amount. Here is how the incident unfolded:
The vulnerability: ShezUSD borrowing without restriction
The attacker abused a vulnerability in one of Shezmu's vaults that allowed collateral to be minted without any restriction. Because the vault recognised that collateral, the attacker could open as many ShezUSD loans as he wanted against it, and he siphoned roughly $5 million from the platform.
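The page does not detail the exact flaw in Shezmu's vault, so the following is an added illustration of the general class it describes (collateral that the attacker can create at will being accepted at face value, with borrowing limited only by that collateral), not Shezmu's code. The contract names, the `IStable.mint` interface and the 1:1 valuation are assumptions made for the example; a real vault would also price collateral through an oracle.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface the vaults need (assumed interface, not project code).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical stablecoin minted against collateral (stands in for a ShezUSD-like token).
interface IStable {
    function mint(address to, uint256 amount) external;
}

/// Vulnerable pattern: deposit() trusts whatever token address the caller supplies,
/// so an attacker-created token with unlimited supply counts as collateral and
/// borrow() is bounded only by how much of it the attacker chooses to mint.
contract VulnerableVault {
    IStable public stable;
    mapping(address => uint256) public collateralOf;

    constructor(IStable _stable) { stable = _stable; }

    function deposit(address token, uint256 amount) external {
        IERC20(token).transferFrom(msg.sender, address(this), amount); // any token accepted
        collateralOf[msg.sender] += amount;                             // valued 1:1, no allowlist
    }

    function borrow(uint256 amount) external {
        require(collateralOf[msg.sender] >= amount, "undercollateralised");
        stable.mint(msg.sender, amount);                                // no debt ceiling
    }
}

/// Hardened pattern: one collateral token fixed at deployment (callers cannot
/// choose it), a collateral factor below 100%, and a per-vault debt ceiling that
/// bounds the damage even if collateral is mispriced.
contract HardenedVault {
    IERC20  public immutable collateral;
    IStable public immutable stable;
    uint256 public immutable collateralFactorBps; // e.g. 7000 = 70% loan-to-value
    uint256 public immutable debtCeiling;         // max stable ever minted by this vault
    uint256 public totalDebt;
    mapping(address => uint256) public collateralOf;
    mapping(address => uint256) public debtOf;

    constructor(IERC20 _collateral, IStable _stable, uint256 _factorBps, uint256 _ceiling) {
        require(_factorBps < 10_000, "factor must be below 100%");
        collateral = _collateral;
        stable = _stable;
        collateralFactorBps = _factorBps;
        debtCeiling = _ceiling;
    }

    // Only the configured collateral token can be deposited.
    function deposit(uint256 amount) external {
        require(collateral.transferFrom(msg.sender, address(this), amount), "transfer failed");
        collateralOf[msg.sender] += amount;
    }

    // Borrowing is capped per user by the collateral factor and globally by the ceiling.
    function borrow(uint256 amount) external {
        uint256 maxDebt = collateralOf[msg.sender] * collateralFactorBps / 10_000;
        require(debtOf[msg.sender] + amount <= maxDebt, "exceeds collateral factor");
        require(totalDebt + amount <= debtCeiling, "vault debt ceiling reached");
        debtOf[msg.sender] += amount;
        totalDebt += amount;
        stable.mint(msg.sender, amount);
    }
}
```

The point of the hardened version is that no single check is relied on: the allowlist stops attacker-minted tokens from being counted at all, the collateral factor limits borrowing against legitimate collateral, and the debt ceiling puts a hard upper bound on what any bug in the first two can cost.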
Negotiation with the hacker
Shezmu then opened a dialogue with the hacker and offered a 10% bounty if the tokens were returned. The hacker countered with a demand for 20%, and Shezmu agreed. This effectively turned the incident into a white-hat settlement: no further losses and no legal action.
Recovery of stolen funds
Within a day the hacker began returning the stolen assets, first DAI, followed by 419.18 ETH including wETH. Shezmu has since assured users that the remaining funds will also be recovered.
Shezmu has also laid out how it will support the affected LPs. A snapshot will be taken of LP positions holding ShezUSD- and ShezETH-paired tokens on Curve, Balancer, and Beefy.
Those LPs will receive an airdrop of the recovered funds covering 80 percent of the lost liquidity. For the remaining 20%, Shezmu will issue debt tokens, to be redeemed from protocol fees and treasury assets.
Separately, Shezmu has enabled recovery mode on its Balancer ShezETH pool, which lets LPs withdraw their share of the pool proportionally but blocks new deposits and swaps. The protocol says it will soon publish a post-mortem of the incident and the measures it is taking to prevent a repeat.