How someone can steal a million dollars in cryptocurrency and then destroy it for revenge

A report by cybersecurity firm BlockSec describes how a hacker discovered a method to exploit cryptocurrency loan agreements and triple their crypto reward on the ZEED DeFi protocol, executed on Binance Smart Chain and trading in a virtual currency known as YEED. During the incident, over a million USD in virtual assets were compromised.

Through its Twitter account, BlockSec provided some details about the incident: “Our system detected an attack transaction that exploited a reward distribution vulnerability in ZEED,” the message states.

At the end of the message, BlockSec also mentioned that the compromised assets were lost forever due to the hacker using a self-destruct feature: “The attacker does not transfer the tokens obtained before self-destructing the attack contract. Probably, I was too excited,” BlockSec adds.

Although the developers mention that this could have been a mistake, there is a possibility that the hacker deleted the stolen assets on purpose. BlockSec mentions that they are still not sure what the attacker’s motivation is.

On the other hand, a Vice report mentions that the hacker could have been an activist or someone interested in sending a powerful message. Because the self-destruct feature removed these tokens completely, they are essentially gone forever. Investigators believe the attacker simply wanted to see the world burn, and he more than succeeded.

After the sale of the compromised tokens, YEED’s value plummeted, so the team behind YEED began to take steps to secure its systems and prevent similar incidents in the future, in an attempt to revalue this virtual asset.

Whether this is the work of a modern Robin Hood, or a blunder by the hacker, this incident generated considerable losses and, probably, you will never know exactly what has happened to these virtual assets.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.