Crypto Lender Shezmu Recovers Hacked Funds via Negotiation

Shezmu negotiated with a hacker to retrieve over $5 million in stolen crypto and increase the bounty.

Utilizing the Yield Protocol, Shezmu recovered nearly $5 million in stolen funds within hours after successfully negotiating with the hacker.

On September 21, Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, alerted the public to a compromised storage vault belonging to Shezmu.

Although it was unclear whether the event was a rug pull or a legitimate hack, Shou confirmed that approximately $4.9 million in cryptocurrencies had been stolen.

.@ShezmuTech has been hacked / rugged. ~$4.9M worth of $ShezUSD stolen.

One of their vaults used collateral that can be minted by anyone. With the free collateral, the attacker can borrow an arbitrary amount of $ShezUSD. pic.twitter.com/eR0bH5rTV2

— Chaofan Shou (svm/acc) (@Fried_rice) September 20, 2024

Shezmu later verified that one of its ShezmuUSD (ShezUSD) stablecoin vaults had been exploited and promptly urged the hacker to return the funds in exchange for a bounty, promising no legal consequences.

Dear White Hat,

The Shezmu team is offering a 10% bounty of the exploited funds, provided that the remaining funds are returned within the next 24 hours. If the funds are not refunded within this time frame, we will escalate the matter through legal channels.…

— Shezmu (@ShezmuTech) September 20, 2024

The protocol issued an on-chain message requesting that 90% of the stolen funds be returned within 24 hours, warning that law enforcement would be involved if the hacker did not comply.

Hacker Requests 20% White Hat Bounty

The hacker responded by demanding a 20% bounty rather than the 10% originally offered by Shezmu.

The protocol agreed to the terms, and within hours, the stolen Dai tokens began to be returned.

The hacker first sent back 282.18 Ether, followed by another refund of 137 Wrapped Ether (WETH).

Update: An additional 137 WETH was recovered from the shezUSD white hat and returned to the Shezmu Treasury!https://t.co/K2AnPkme9F

As we continue to recover the remaining funds, please do not interact with Oasis until further updates. Thank you for your continued support

— Shezmu (@ShezmuTech) September 21, 2024

However, not all the stolen funds had been recovered at the time of writing, and Shezmu advised investors to avoid interacting with the protocol’s Oasis vault until further notice.

WazirX Struggles to Recover $235 Million Stolen Funds

In contrast, Indian cryptocurrency exchange WazirX has not recovered its $230 million in stolen funds, 60 days after being hacked.

WazirX has not acknowledged the hack, instead blaming its custodian, Liminal, for the loss of the funds.

Liminal refuted these claims, announcing on September 9 that an independent audit by multinational firm Grant Thornton found no evidence that the cyberattack originated from Liminal’s web applications or its infrastructure.

It's been over a month since WazirX, a major crypto exchange operating in India, claimed that a cyber attack on their platform led to the theft of $230 million (~ Rs 2000 cr) worth of funds.

We have attempted to be in regular touch with WazirX since the day of the incident but…

— CoinSwitch: India's Simplest Crypto App 🚀 (@CoinSwitch) August 28, 2024

WazirX has also faced legal threats from its customers, including rival Indian crypto exchange CoinSwitch, which initiated legal action to recover approximately 2% of its funds, amounting to $6.2 million.