Unizen, a leader in decentralized finance, has taken a proactive stance following a security breach. This breach led to a substantial loss of $2.1 million from its users’ funds. On March 9, blockchain security firms PeckShield and SlowMist identified the breach. They played pivotal roles in uncovering and evaluating the incident’s scope.
PeckShield was the first to spot a critical “approve issue,” which revealed the theft of over $2 million from the platform. SlowMist’s thorough investigation pinpointed the losses at approximately $2.1 million.
They found that the attacker converted the stolen funds from Tether (USDT) to Dai (DAI) through a vulnerability in an Ethereum-based contract. Currently, the funds are not moving, and Unizen has urged users to cancel any permissions linked to the attacker’s address to stop further losses.
Proactive Measures and User Reimbursement
Responding quickly, Unizen contacted the thief with an on-chain message, offering a 20% bounty for returning the stolen assets. The firm is also working with law enforcement and forensic experts to trace the hacker.
Despite these efforts, Unizen announced it would start compensating 99% of affected users immediately, especially those who lost $750,000 or less. Sean Noga, Unizen’s CEO, has pledged personal funds to ensure these users are reimbursed in USDT or USD Coin (USDC). For losses above $750,000, Unizen promises individual assessments.
To assist users, Unizen released a tutorial on revoking platform approvals, aiming to prevent further risk. Martin Granström, the CTO, has announced that enough evidence has been gathered for a detailed incident report, set to be published with external partners. He also highlighted the company’s dedication to boosting its security framework to avert future attacks.