Recently, the DeFi protocol Unizen experienced a hacking incident, resulting in damages of approximately 2 million USD. This event simultaneously raises challenging questions about security in the DeFi space, particularly concerning attacks on core platforms, including PlayDapp.
Unizen Addresses Smart Contract Vulnerability
To address this issue, the blockchain cybersecurity company PeckShield identified a significant “external call vulnerability” in one of Unizen’s smart contracts. This loophole allows malicious actors unauthorized access to execute commands, leading to asset theft. In an effort to minimize risks, PeckShield suggests that Unizen revoke approvals related to a specific transaction-executing company, especially since the attacker converted the stolen funds into a different cryptocurrency that has yet to be transferred.
This “external call vulnerability” poses a substantial security risk, enabling external parties to manipulate data or withdraw funds by executing unintended functions within the smart contract.
Dear unizen community,
After an arduous weekend, we have made the strategic decision to make over 99% of those affected from our community completely whole with immediate effect.
Our CEO / Founder, Sean Noga, has decided to loan Unizen the majority of the immediate… pic.twitter.com/d9GyaH3j8Y
— unizen (@unizen_io) March 11, 2024
The Unizen team has exerted substantial efforts to enhance the platform’s security and address the aftermath of the recent hacking incident. In order to compensate affected users, Unizen’s CEO, Sean Noga, has pledged to utilize personal funds to cover 99% of the losses, with reimbursements conducted in either USDT or USDC. Details regarding the timeline for these reimbursements are yet to be determined.
“Our CEO and Founder, Sean Noga, has decided for Unizen to borrow a significant amount from his personal fund to immediately offset with a 0% interest rate, ensuring our operations continue… All wallets compromised with amounts under 750 thousand USD will be reimbursed as soon as possible,” Unizen announced.
Specializing in decentralized trading, Unizen provides diverse access to various DeFi protocols, liquidity pools, and financial services. Noteworthy for its cross-chain interaction capabilities, the platform enables users to connect with numerous Web3 applications through a unified exchange tool.
The 2 million USD hacking incident underscores the security challenges prevalent in the DeFi ecosystem. Particularly, February witnessed several DeFi platforms becoming targets of smart contract exploitation attacks, resulting in significant financial losses.
Value Lost From Crypto Incidents. Source: Chainalysis
Recently, the Blueberry protocol suffered a loss of 1.35 million USD due to decimal handling issues in its smart contract. Simultaneously, the cryptocurrency gambling platform DuelBits faced a 4.6 million USD loss as a result of a breach in their hot wallet. Additionally, the gaming platform PlayDapp underwent a hacking incident where the attacker maliciously added a harmful address to the official mining address.
These incidents highlight the pressing need to improve security measures and promptly detect threats within the DeFi community. The FBI’s 2023 Internet Crime Report underscores the escalating concerns regarding cryptocurrency-related crimes, with thousands of reported cases in the previous year. Furthermore, a new form of cryptocurrency theft involving an “exit scam toolkit” has added complexity to the environment for both platforms and users.
Related: DeFi Yields Surge to Highest Levels in Two Years
FBI agents state, “IC3 data indicates that fraudsters are increasingly using monitored accounts within financial institutions to exchange cryptocurrencies or request individuals targeted to send funds directly to these platforms, where money is rapidly dispersed.”
With the rising security breaches, DeFi platforms and users must maintain vigilance and preemptively guard against the growing threats in the cryptocurrency market.
