Unizen, a decentralized finance (DeFi) protocol, has committed to reimbursing, at the earliest opportunity, users who lost $750,000 or less, following a significant security breach that resulted in the loss of approximately $2.1 million in user funds.
Blockchain analytics firms PeckShield and SlowMist played crucial roles in identifying and assessing the breach on March 9.
PeckShield first detected an “approve issue” on March 9, leading to the discovery that over $2 million had been siphoned from the platform. SlowMist’s investigation confirmed the total losses amounted to around $2.1 million, noting that the stolen funds were converted from Tether (USDT) to the stablecoin Dai (DAI).
The hacker exploited an external call vulnerability within the Ethereum-based contract, converting the stolen USDT to DAI. The funds remain stationary, with users urged to revoke any approvals associated with the hacker’s address to prevent additional losses.
In response to the theft, Unizen proactively reached out to the hacker with an on-chain message on March 10, offering a 20% bounty for the return of the remaining stolen assets. The company has also engaged with law enforcement and forensic experts to trace the hacker’s identity.
Despite the ongoing negotiations for the bounty, Unizen announced on March 11 its plan to begin compensating 99% of the victims immediately, prioritizing a meticulous, individualized approach to the reimbursement process.
Sean Noga, the founder and CEO of Unizen, has provided personal funds to facilitate the reimbursements, ensuring that users who suffered losses below the $750,000 threshold receive their funds back in USDT or USD Coin (USDC). Cases involving losses exceeding $750,000 are to be addressed individually. Furthermore, Unizen has released a video guide to assist users in revoking platform approvals to mitigate further risks.
Martin Granström, Unizen’s Chief Technology Officer, disclosed on social media platform X that sufficient evidence has been gathered for a comprehensive incident report, which will be published in collaboration with external third-party firms. Granström also reiterated the company’s commitment to enhancing its security measures to prevent future incidents.
This incident underscores the urgent need for the DeFi sector to continually reassess and enhance its security measures to protect user assets from complex online attacks. Last month, Seneca Protocol experienced a severe security compromise, leading to a sharp 65% decline in the price of its SEN token. CertiK reported that the assailant took advantage of a flaw within the protocol, making off with digital assets valued at around $3 million. Furthermore, the offender moved 1,000 ETH between two independent accounts, bringing the total estimated damages to about $6.4 million.