Shezmu recupera fondos criptográficos pirateados negociando con el hacker

El prestamista de criptomonedas Shezmu ha logrado recuperar activos por valor de casi 5 millones de dólares después de perderlos hoy en una infracción de piratería informática.

Chaofan Shou dio la alarma a X de que la bóveda de almacenamiento del prestamista había sido comprometida, e insinuó que no es seguro si se trata de un hackeo genuino o de un robo de alfombra. Chaofan mencionó que en el ataque se robó el token $ShezUSD por valor de $4,9 millones.

. @ShezmuTech ha sido pirateado/robusto. Robo de ~$4,9 millones en $ShezUSD.

Una de sus bóvedas utilizaba garantías que cualquiera podía acuñar. Con la garantía gratuita, el atacante puede pedir prestada una cantidad arbitraria de $ShezUSD. pic.twitter.com/eR0bH5rTV2

– Chaofan Shou (@shoucccc) 20 de septiembre de 2024

Later, in another X post, the lender’s team confirmed that its ShezmuUSD stablecoin vault was exploited and the funds were lost. The company urged the attackers to return the funds in exchange for a bounty and promised that no legal repercussions would follow the attack.

The team gave the attacker 24 hours to return the funds, with a 10% bounty reward. It also mentioned that failure to return the funds in the designated time frame will prompt the team to escalate the matter legally.

The hacker convinced Shezmu to raise the bounty to 20%

Following an on-chain discussion with the hacker, the team received 80% of the stolen funds back into its treasury. The team reminded the hacker that his wallet is linked to a KYC exchange, and if the hacker returns the funds, the incident will be considered a white-hat hack.

Negotiations between the Shezmu team and the hacker. Source: Etherscan

A few hours after the incident, the team received the stolen Dai tokens in the wallet. At first, the hacker sent 282.18 Ether, followed by 137 WETH.

Update: An additional 137 WETH was recovered from the shezUSD white hat and returned to the Shezmu Treasury!https://t.co/K2AnPkme9F

As we continue to recover the remaining funds, please do not interact with Oasis until further updates. Thank you for your continued support

— Shezmu (@ShezmuTech) September 21, 2024

The team has urged its investors and users of the protocol to avoid interacting with the platform’s Oasis vault for now, until further notice.

In a similar event, WazirX, an Indian crypto exchange, reportedly got hacked recently, resulting in the loss of $230 million worth of funds. However, the exchange has not done much to track down the funds. Furthermore, WazirX did not formally accept that it was hacked and blamed its custodian for the loss of funds.

Recently, the exchange ended up receiving legal threats from customers, including another rival exchange called CoinSwitch.

Fuente