Shezmu, a notable player in the crypto lending market, fell victim to a substantial cyber attack that resulted in the loss of approximately $4.9 million worth of cryptocurrencies. The breach occurred on September 21, as revealed by Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, who reported suspicious activity related to Shezmu’s storage vault. This incident raised alarms within the crypto community, prompting a thorough investigation to determine whether it was a legitimate hack or a more complex scheme like a rug pull.
Upon confirming that one of its ShezmuUSD (ShezUSD) stablecoin vaults had been compromised, Shezmu’s team took immediate action by shutting down affected systems and engaging with cybersecurity experts. Rather than resorting to law enforcement right away, Shezmu adopted an innovative approach by reaching out directly to the hacker, urging them to return the stolen funds in exchange for a bounty. This negotiation tactic underscores a growing trend in the crypto world, where companies are looking for alternative avenues to recover stolen assets without escalating legal confrontations.
In the aftermath of the initial outreach, the hacker responded with a counter-offer, demanding a 20% bounty instead of the 10% initially proposed by Shezmu. Demonstrating a willingness to compromise, Shezmu accepted the hacker’s terms, which ultimately led to the return of substantial portions of the stolen assets. Notably, within hours of the negotiation, the hacker began transferring back stolen funds, including 282.18 Ether and 137 Wrapped Ether to the protocol, highlighting the potential for negotiation in such cyber incidents.
While the recovery efforts are ongoing, Shezmu has advised its investors to limit interactions with the protocol’s Oasis vault until the situation stabilizes. This incident not only raises concerns about the security protocols in place at cryptocurrency firms but also emphasizes the need for robust preventive measures against future attacks. As the crypto industry continues to evolve, the Shezmu hack serves as a stark reminder of the vulnerabilities present in digital finance and the creative responses required to mitigate these risks.
