The DeFi protocol Unizen recently suffered a hack, resulting in approximately $2 million in losses.
This incident is part of a growing trend of security issues within the DeFi space, highlighted by several attacks on major platforms, including PlayDapp.
Unizen Addresses Smart Contract Vulnerability
In response to the hack, blockchain cybersecurity firm PeckShield identified a critical “external call vulnerability” in one of Unizen’s smart contracts. The flaw let the attackers execute commands through the contract without authorization, leading to the theft. PeckShield recommended that Unizen revoke approvals linked to a certain trade aggregator to mitigate further risk. The attacker converted the stolen USDT into DAI but has yet to move the funds.
An “external call vulnerability” is a significant security risk: it lets external parties manipulate data or extract funds by making a smart contract execute functions it was never intended to run.
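The revocation advice above can be turned into a concrete check. The following is an added example, not code from Unizen or PeckShield: it replays ERC-20 `Approval` event logs to find wallets whose latest approval to a given spender is still non-zero, then builds the `approve(spender, 0)` calldata that revokes it. All addresses and logs are constructed placeholders, and the log dictionary layout is an assumption modelled on standard Ethereum log fields.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Replay Approval logs in chain order and return {(token, owner): amount}
    for allowances to `spender` whose latest approved amount is non-zero."""
    spender, latest = spender.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics and empty data: skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    # Logs give the last approved value, not what transferFrom has since spent,
    # so confirm each hit with the token's allowance(owner, spender) before acting.
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0); the owner sends it to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender.lower()[2:].rjust(64, "0") + "0" * 64

# Constructed sample data (added example): placeholder addresses, not real contracts.
TOKEN, ALICE, BOB = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "22" * 20
AGGREGATOR, OTHER = "0x" + "dd" * 20, "0x" + "ee" * 20
pad = lambda a: "0x" + "00" * 12 + a[2:]
word = lambda n: "0x" + format(n, "064x")

def mk(block, idx, owner, spender, amount):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": word(amount)}

SAMPLE_LOGS = [
    mk(105, 1, BOB, AGGREGATOR, 0),             # Bob revokes later
    mk(100, 0, ALICE, AGGREGATOR, 2**256 - 1),  # unlimited approval, never revoked
    mk(101, 3, BOB, AGGREGATOR, 1000),
    mk(102, 0, ALICE, OTHER, 500),              # different spender: ignored
    {"address": TOKEN, "blockNumber": 103, "logIndex": 0, "data": "0x",
     "topics": [APPROVAL_TOPIC, pad(ALICE), pad(AGGREGATOR), word(7)]},  # ERC-721 style
]

if __name__ == "__main__":
    for (token, owner), amount in outstanding_allowances(SAMPLE_LOGS, AGGREGATOR).items():
        print(owner, "still approves", hex(amount), "on", token, "->", revoke_calldata(AGGREGATOR))
```

On the sample data only the unlimited approval that was never reset is reported; the approval later set to zero and the approval to a different spender are not.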
The Unizen team has been working diligently to enhance the platform’s security and address the attack’s aftermath. To compensate the affected users, Unizen’s CEO, Sean Noga, has pledged to use personal funds to cover 99% of the losses, with repayments to be made in USDT or USDC. The timeline for these repayments is currently unspecified.
“Our CEO / Founder, Sean Noga, has decided to loan Unizen the majority of the immediate reimbursement at 0% interest with his personal funds in order to maintain our operational speed and efficiency… All wallets who were compromised with 750K USD or less in equivalent value will receive reimbursement as soon as humanly possible,” Unizen said.
Unizen specializes in decentralized trading, providing users access to various DeFi protocols, liquidity pools, and financial services. It stands out for its cross-chain interoperability, allowing users to engage with multiple Web3 applications through a single exchange aggregator.
This $2 million hack underscores the ongoing security challenges in the DeFi ecosystem. February alone saw multiple DeFi platforms targeted by smart contract exploits, leading to significant financial losses.
Blueberry protocol lost $1.35 million because of the way its smart contracts handled decimal numbers. The crypto gambling platform DuelBits also lost $4.6 million due to a compromise of its own hot wallet. Meanwhile, gaming platform PlayDapp suffered an attack that allowed a hacker to add a malicious address as an official minting address.
These incidents emphasize the need for improved security measures and early threat detection within the DeFi community.
The FBI’s 2023 Internet Crime Report highlighted the growing concern over cryptocurrency-related crimes, with thousands of incidents reported last year. Additionally, a new form of crypto theft involving “drainer kits” has emerged, further complicating matters for crypto users and platforms.
“The IC3 data suggests fraudsters are increasingly using custodial accounts held at financial institutions for cryptocurrency exchanges or third-party payment processors, or having targeted individuals send funds directly to these platforms where funds are quickly dispersed,” FBI agents wrote.
With the rising number of security breaches, DeFi platforms and users must remain vigilant against the threats that loom over the cryptocurrency market.