$55 million stolen in bZx Phishing attack


On November 5, a bad actor managed to steal a batch of BZRX tokens and other cryptocurrencies on BSC and Polygon using bZx private keys obtained in a phishing attack. 

The attacker was then able to deposit the stolen BZRX as collateral and borrow other funds from the protocol.

bZx is an L2 DeFi margin lending protocol that works on Ethereum, Polygon, and BSC. The deployment, governance, and vault of the DAO on Ethereum were not affected by the phishing attack, nor was the bZx smart contract.


The attack gave the hackers the keys to the Polygon and BSC deployments of the bZx protocol, affecting lenders, borrowers, and farmers, as well as those who had given unlimited approvals to these contracts. Funds were subsequently removed from the BSC and Polygon implementations of bZx.

Blockchain auditors at SlowMist have estimated the value of the lost funds at $55 million.

Attack timeline

bZx has released a preliminary report on the attack method, timeline, and repercussions. Initially, a developer's wallet mnemonic phrase was compromised.

Early on, bZx was notified that there was a negative balance in a user's account and that usage rates were high. Subsequently, bZx determined that there was suspicious activity in its Polygon and BSC deployments, and traced the stolen funds to wallet addresses. The attacker moved the stolen funds across Binance, KuCoin and Circle, all of which were notified for mitigating measures.

Etherscan, a tool for viewing data about any pending or confirmed Ethereum blockchain transactions, has revealed the addresses of wallets containing the stolen funds.

Polygon:

0xafad9352eb6bcd085dd68268d353d0ed2571af89 (2 million BZRX)

BSC: 

0x74487eed1e67f4787e8c0570e8d5d168a05254d4 (10 million BZRX)

0x967bb571f0fc9ee79c892abf9f99233aa1737e31 (2.5 million BZRX)

0x0ACC0e5faA09Cb1976237c3a9aF3D3d4b2f35FA5 (Primary hacker wallet)

Ethereum:

0x74487eed1e67f4787e8c0570e8d5d168a05254d4 (10 million BZRX)

0x967bb571f0fc9ee79c892abf9f99233aa1737e31 (12 million BZRX) 

0x967bb571f0fc9ee79c892abf9f99233aa1737e31 (82K BZRX)

0x74487eEd1E67F4787E8C0570E8D5d168a05254D4 (4 million ETH, primary hacker wallet)

0x1ae8840ceaef6eec4da1b1e6e5fcf298800b46e6 (USDT was frozen, hacker wallet)

0xAfad9352eB6BcD085Dd68268D353d0ed2571aF89 ($1.4M, $243K, $15M ETH, hacker wallet)

0x967bb571f0fc9ee79c892abf9f99233aa1737e31 (2 million ETH, hacker wallet)

0x6abcA33faeb7deb1E61220e31054f8d6Edacbc81 (1.5 million BZRX, hack wallet, KuCoin internal transactions) 

0x1Ae8840cEaEf6EeC4dA1b1e6e5FCf298800b46e6 (hacker sent money from KuCoin to this address)

bZx response

bZx claims to be working with law enforcement, exchanges, and investigators to identify the culprit and recover stolen funds.

It is relaunching the Polygon and BSC deployments under the control of the Decentralized Autonomous Organization (DAO) and is developing a compensation plan for affected users.

It also posted a message to the attacker encouraging him to return the stolen money in exchange for a reward. Users are reminded to revoke any approvals granted to the bZx contracts on Polygon or BSC.

The previous bZx attack, in February 2020, saw $500,000 of ETH stolen. Afterwards, the DeFi lending protocol's team worked to enhance security on L2 by allowing external audits of the underlying protocol.

Source: https://beincrypto.com/estimated-55m-stolen-bzx-phishing-attack/
