Decentalized finance (defi) protocol Bzx has recovered the $8.1 million it lost to a hacker a few days ago. The company claims it was able to track down the cyber thief, whom it refused to name for legal reasons, through their on-chain activity. Cornered, the attacker returned the loot.
“All funds have been recovered from the attacker. We are restoring the system,” said Kyle Kistner, co-founder of Bzx, in a statement released on September 15. “The funds are now in the team wallet and being used to restore the lending pools.”
On September 13, a faulty code in Bzx smart contracts allowed the hacker to mint 219,200 LINK tokens (valued at $2.6 million); 4,503 ETH ($1.65 million); 1,756,351 USDT ($1.76 million); 1,412,048 USDC ($1.4 million) and 667,989 DAI (worth $681,000) – all totaling $8.1 million.
Marc Thalen, the Bitcoin.com lead engineer who discovered the bug, has finally been paid a bounty of $45,000. Initially, Bzx did not want to pay out that much amount of money to Thalen, offering him just $12,500 as bounty because “Marc had only reported the issue when the attack had mostly concluded.”
In a thread on Twitter, Thalen complained: “Bzx just mentioned on a call it doesn’t feel like it’s worth more than 12.5k as their ‘independent’ panel decided to and they feel like sticking to it. They are not willing to disclose [the] identities of the panel. [I’m] really disappointed in Bzx.”
However, that figure severely undermined the protocol’s own bug bounty policy for high-level discoveries, which can be paid up to $350,000. Bzx later reconsidered its position following a massive social media backlash and paid Thalen a “reasonable” $45,000.
Peckshield, one of the two audit firms that failed to identify the defective code that led to the theft of the $8.1 million crypto, said in a letter to the Bzx community that its initial audit identified 16 security issues that were fixed – but that is never enough.
“Bzx and Peckshield are developing a plan to re-examine the protocol and set up real-time monitoring on key blockchain data indicators,” it wrote. The measure is expected to enhance security on the platform.
What do you think about Bzx recovering the $8.1 million stolen crypto? Let us know in the comments section below.
Image Credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.