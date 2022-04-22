In a rare but comical blunder among DeFi exploits, an attacker has failed his heist at the finish line leaving behind over $1 million worth of stolen cryptocurrency.

Just after 8 a.m. UTC on Thursday, April 21, blockchain security and analytics firm BlockSec shared that it had detected an attack on a little-known DeFi lending protocol called Zeed, which calls itself a “decentralized integrated financial ecosystem.”

The attacker took advantage of a vulnerability in the way the protocol distributes rewards, which allowed him to mint additional tokens that were then sold, making fall the price to zero, but getting something more than a million dollars.

Blockchain analytics firm PeckShield noted that the stolen crypto was transferred to a “attack contract”, a smart contract that automatically and quickly executes the found exploit.

Nevertheless, the attacker was apparently so excited about his successful heist that he forgot to transfer the $1 million in stolen cryptocurrency out of his attack contract before setting it to self-destruct, permanently and irreversibly ensuring that funds can never be moved.

Using a blockchain scanner to view the attack contract address shows that $1,041,237.57 worth of BSC-USD token is forever stuck in the contract and the successful self-destruction of the contract was confirmed at 7:15AM UTC on April 21.

It is one of the strangest turns of events since the Polygon hacker did an “Ask Me Anything” using messages embedded in Ethereum (ETH) transactions after stealing $612 million from the protocol in August 2021. The Q&A session revealed that the attacker hacked “for fun” and thought “cross-chain hacking is cool.”

This latest hack is on the smaller end of the amount stolen, and other DeFi protocol hacks have seen hundreds of millions siphoned off such as with the recent Ronin Bridge hack where attackers made off with over $600 million.

Other notable attacks on DeFi include the theft of $80 million worth of crypto from Qubit Finance in January, when attackers tricked the protocol into thinking they had deposited collateral, allowing them to mint an asset that represented a bridging cryptocurrency.

The DeFi market Deus Finance came under attack in March, when hackers manipulated the price feed of a pair of stablecoins, leading to insolvency of user funds, netting the hackers over $3 million.

