$2 Million Hacked From This DeFi Protocol

The DeFi protocol Unizen recently suffered a hack, resulting in approximately $2 million in losses.

This incident is part of a growing trend of security issues within the DeFi space, highlighted by several attacks on major platforms, including PlayDapp.

Unizen Addresses Smart Contract Vulnerability

In response to the hack, blockchain cybersecurity firm PeckShield identified a critical “external call vulnerability” in one of Unizen’s smart contracts. This flaw allowed hackers unauthorized access to execute commands, leading to the theft. PeckShield recommended that Unizen revoke approvals linked to a certain trade aggregator to mitigate further risk since the attacker converted the stolen USDT into DAI but has yet to move the funds.

An “external call vulnerability” represents a significant security risk. External parties can manipulate data or extract funds by executing unintended functions within a smart contract.

The Unizen team has been working diligently to enhance the platform’s security and address the attack’s aftermath. To compensate the affected users, Unizen’s CEO, Sean Noga, has pledged to use personal funds to cover 99% of the losses, with repayments to be made in USDT or USDC. The timeline for these repayments is currently unspecified.

“Our CEO / Founder, Sean Noga, has decided to loan Unizen the majority of the immediate reimbursement at 0% interest with his personal funds in order to maintain our operational speed and efficiency… All wallets who were compromised with 750K USD or less in equivalent value will receive reimbursement as soon as humanly possible,” Unizen said.