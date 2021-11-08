As cryptocurrencies rise in popularity and more people enter the business, more hackers try to develop techniques that allow them to steal cryptocurrencies. This has been the last great robbery.

Another day in the office for the pirates to steal cryptocurrencies, and we have just learned that there has been a new robbery, this time to the decentralized finance platform bZx (DeFi).

The attack was through phishing an employee of the finance platform and that allowed users to request loans, lend and speculate on variations in the price of cryptocurrencies, thus giving attackers two private keys.

These were used by hackers to use them on the platform for integration with the Polygon and Binance Smart Chain (BSC) blockchains.

A subsequent investigation ensures that the hackers, after taking control of BSC and Polygon, emptied the protocol of both and updated the contract to allow the emptying of all the tokens that the contracts had approved in an unlimited way.

Although bZx has yet to comment on the amount of the stolen funds, in reporting the incident, blockchain security firm SlowMist estimates that the figure will be over 55 million dollars, based on the transactions it has detected.

Based on the platform, it appears that a bZx developer was sent a phishing email with a malicious macro in a Microsoft Word document, disguised as a legitimate email attachment.

The tainted attachment ran a script that provided attackers with the personal mnemonic phrase from the wallet cryptocurrency developer.

The attack escalated once the hackers seized the two private keys. In addition to developer funds, the attack has also affected lenders, borrowers and farmers with funds in Polygon and BSC, and to those who had given unlimited approvals to those contracts.

Phishing has evolved to continue to mislead users and make it difficult to detect. We tell you what homoglyph-based phishing is and what you can do to avoid falling into its trap.

As the platform works to gather the specific list of portfolios that were affected, it has disabled the ability to deposit new funds. bZx also said that it is working with various cryptocurrency exchanges to track down the attacker and recover the stolen funds.

Another bad day for all those who have cryptos and who bet their savings in said currencies, especially since tracking this money is practically impossible (although sometimes there is a happy ending).