Shezmu, a DeFi protocol, was recently exploited in a heist in which the thief drained $5 million from the contract through a vulnerability in its vault system. The protocol then negotiated with the hacker and managed to reclaim the larger share of the stolen amount. Here’s how the incident unfolded:
The vulnerability: ShezUSD borrowing without restriction
The attack happened when the hacker exploited a vulnerability in one of Shezmu’s vaults that enabled him to mint collateral without any restrictions. As a result, the attacker was able to take as many ShezUSD loans as possible and siphoned about $5 million from the platform.
Negotiation with the hacker
Subsequently, Shezmu began communicating with the hacker and offered a 10% bonus if the tokens were returned. The hacker countered with a demand for 20%, and Shezmu agreed. This turned the situation into what can be termed a white-hat style settlement, with no further losses and no legal complaints.
Recovery of stolen funds
In less than a day, the hacker started to return the stolen assets: first DAI, alongside 419.18 ETH including wETH. Shezmu has since given assurance that all the remaining funds and the stolen capital will be recovered.
In its response plan for the hack, Shezmu has clearly outlined what will be done to support the impacted LPs. Screenshots of LPs holding ShezUSD and ShezETH paired assets with tokens on Curve, Balancer, and Beefy will be taken.
These affected LPs will be compensated with an airdrop of the recovered funds that will make up 80 per cent of the lost liquidity. As for the remaining 20%, Shezmu will sell its debt tokens, which will be redeemed by protocol fees and treasury assets.
Apart from the recovery, Shezmu has activated recovery mode for its Balancer ShezETH pool, which means LPs can withdraw their holdings in proportion to their investment but cannot deposit or swap on the pool. The protocol will soon publish a post-mortem report of the incident and the measures it is taking to make future operations safer.