Threat actors have stolen $55 million worth of cryptocurrency from the bZx decentralized finance (DeFi) platform. The decentralized finance (DeFi) platforms allow users to borrow/loan and speculate on cryptocurrency price variations.
Attackers obtained two private keys for the DeFi platform through spear-phishing attacks, the attack was similar to the one that affected recently another user named “mgnr.io”. The company pointed out that the incident was not a protocol hack.
The phishing message used a weaponized Word document that once opened ran a script on the developer’s computer allowed the attackers to access the employee’s mnemonic wallet phrase.
The attackers stole funds in the developer’s personal wallet along with the two private keys that were being used by the bZx platform for its integration with the Polygon and Binance Smart Chain (BSC) blockchains.
