- DeFi platform WDZD Swap has lost over $1 million to an exploiter known as Fake_Phishing 750 on BSCScan
- The attacker drained 609 ETH bridged to BNB Smart Chain (BSC) in 10 transactions
- The exploiter is also responsible for siphoning funds from another DeFi platform known as Swap X
DeFi platform WDZD Swap has lost over $1 million to an exploiter known as Fake_Phishing on BSCScan, and who’s responsible for siphoning funds from another DeFi platform known as Swap X. According to blockchain security firm CertiK, the attacker drained 609 ETH bridged to BNB Smart Chain (BSC) from the platform and transferred the funds in 10 transactions. However, although the platform claims to be a BSC-powered DeFi protocol, CertiK was unable to unearth all of its inner workings and hence unable to comprehensively document how the exploit happened.
IDO Funds Deposited to a Liquidity Pool
According to CertiK, the DeFi platform conducted an IDO (initial dex offering) which may have put the project under the management of users. However, funds collected during the IDO were channeled to a liquidity pool at a Swap LP address on BSC.
The malicious actor created another contract that he used to drain funds from the Swap LP contract. Due to a lack of sufficient information on how the platform works, the security platform noted that the attacker may have swapped the protocol’s WDZD tokens for LP tokens which they later converted to ETH.
DeFi Protocols Should Obey the Law
The exploit comes in the wake of growing concerns from regulators like the U.S. Treasury who want tighter controls on DeFi protocols. Other players like the U.S. Department of Justice (DOJ) have formed a new outfit mandated to bring DeFi platforms to obey the law.
With some hackers agreeing to return part of the stolen funds, it’s unclear whether WDZD will reach out to the attacker or engage security agencies like the FBI in an attempt to recover the funds.