The hacker behind a recent DeFi exploit appears to have forgotten to transfer the stolen funds out of the attack contract.
What Happened: DeFi lending protocol Zeed (CRYPTO: YEED) was the victim of the latest exploit where bad actors managed to extract funds from the protocol by exploiting a vulnerability in the code.
The exploit resulted in the price of YEED crashing to zero and the hacker gaining $1 million in profit.
#PeckShieldAlert It appears that @zeedcommunity suffered an exploit. The exploiter gained ~$1m. The gains currently sit in the attack contract. https://t.co/bSHHGM623Q @peckshield https://t.co/jXVj0oGI8B
— PeckShieldAlert (@PeckShieldAlert) April 21, 2022
Blockchain security firm PeckShield pointed out the attacker had not transferred the funds out of the attack contract before calling the “self-destruct” function. Essentially, this means that the stolen cryptocurrency is permanently and irreversibly stuck in the attack contract.
Interesting. The hacker kills the contract, but forgets to transfer the profit. https://t.co/HbS2fiztuc https://t.co/uApZyK8Uym pic.twitter.com/FwpZweNLHU
— PeckShield Inc. (@peckshield) April 21, 2022
See Also: A Person Behind $611M DeFi Hack Reveals Their Identity In Careless Mistake
What Else: DeFi exploits are a somewhat common occurrence in the crypto space. Earlier this week, Ethereum (CRYPTO: ETH) based DeFi protocol Beanstalk Farms saw $182 million worth of funds drained from its platform.
The attackers executed a flash loan exploit and made a profit of $80 million. The majority of stolen funds were sent to be laundered through coin mixing tool Tornado Cash (CRYPTO: TORN), while $250,000 was sent to Ukraine’s crypto donation wallet address.
Read Next: BEST DEFI YIELD FARMS
