Crypto lender Shezmu has managed to recover almost $5 million worth of assets after losing them earlier today in a hacking breach.
Chaofan Shou raised the alarm on X that the lender’s storage vault had been compromised, and implied that it is not certain whether this is a genuine hack or a rug pull. Chaofan mentioned that $ShezUSD token worth $4.9 million was stolen in the attack.
.@ShezmuTech has been hacked / rugged. ~$4.9M worth of $ShezUSD stolen.
One of their vaults used collateral that can be minted by anyone. With the free collateral, the attacker can borrow an arbitrary amount of $ShezUSD. pic.twitter.com/eR0bH5rTV2
— Chaofan Shou (@shoucccc) September 20, 2024
Later, in another X post, the lender’s team confirmed that its ShezmuUSD stablecoin vault was exploited and the funds were lost. The company urged the attackers to return the funds in exchange for a bounty and promised that no legal repercussions would follow the attack.
The team gave the attacker 24 hours to return the funds, with a 10% bounty reward. It also mentioned that failure to return the funds in the designated time frame will prompt the team to escalate the matter legally.
The hacker convinced Shezmu to raise the bounty to 20%
Following an on-chain discussion with the hacker, the team received 80% of the stolen funds back into its treasury. The team reminded the hacker that his wallet is linked to a KYC exchange, and if the hacker returns the funds, the incident will be considered a white-hat hack.
A few hours after the incident, the team received the stolen Dai tokens in the wallet. At first, the hacker sent 282.18 Ether, followed by 137 WETH.
Update: An additional 137 WETH was recovered from the shezUSD white hat and returned to the Shezmu Treasury!https://t.co/K2AnPkme9F
As we continue to recover the remaining funds, please do not interact with Oasis until further updates. Thank you for your continued support
— Shezmu (@ShezmuTech) September 21, 2024
The team has urged its investors and users of the protocol to avoid interacting with the platform’s Oasis vault for now, until further notice.
In a similar event, WazirX, an Indian crypto exchange, reportedly got hacked recently, resulting in the loss of $230 million worth of funds. However, the exchange has not done much to track down the funds. Furthermore, WazirX did not formally accept that it was hacked and blamed its custodian for the loss of funds.
Recently, the exchange ended up receiving legal threats from customers, including another rival exchange called CoinSwitch.