Decentralized finance (DeFi) protocol Unizen has taken swift action in response to a recent security breach that resulted in the loss of approximately $2.1 million in user funds.
Following the compromise, Unizen pledged to reimburse affected users who lost up to $750,000, aiming to restore confidence in its platform and uphold its commitment to user protection.
DeFi Platform Unizen Faces $2.1 Million Loss in Unauthorized Access Security Breach
Dear unizen community,
After an arduous weekend, we have made the strategic decision to make over 99% of those affected from our community completely whole with immediate effect.
Our CEO / Founder, Sean Noga, has decided to loan Unizen the majority of the immediate… pic.twitter.com/d9GyaH3j8Y
— unizen (@unizen_io) March 11, 2024
On March 9, the blockchain analytics firm PeckShield identified an “approve issue” within the DeFi platform, signaling unauthorized access and the drainage of over $2 million in funds. Promptly, security advisories were issued, urging users to revoke approvals to mitigate further losses.
Another blockchain security firm, SlowMist, investigated and confirmed that the total losses amounted to around $2.1 million, attributing them to an open external call vulnerability.
The hacker exploited an external call vulnerability within the Ethereum-based contract, converting the stolen USDT to DAI. The funds remain stationary, with users urged to revoke any approvals associated with the hacker’s address to prevent additional losses.
In response to the breach, Unizen acknowledged the incident and assured users that the team was working diligently to enhance platform security and prevent future breaches. The company has established a dedicated form to address concerns from affected users and cautioned against communicating with unofficial Unizen accounts on social media platforms.
On March 10, Unizen initiated cooperation with law enforcement and forensic experts to identify the perpetrator. Unizen proactively reached out to the hacker with on-chain messages urging the return of the stolen funds, accompanied by a demonstration of ownership through a transfer from the foundation wallet to the hacker’s Ethereum wallet.
Unizen emphasized its ongoing collaboration with law enforcement and requested the prompt return of funds to avoid further legal action. As an incentive for cooperation, the company offered a 20% bounty as a token of appreciation for white-hat efforts.
Unizen’s Reimbursement Plan Following an Unauthorized Access Breach
While bounty discussions continued, Unizen took proactive steps to alleviate the impact on affected users. On March 11, the company announced its intention to reimburse 99% of victims immediately, prioritizing a meticulous, individualized approach to the reimbursement process.
Sean Noga, the founder and CEO of Unizen, extended personal loans to facilitate the refunds, which commenced on the same day for users who lost less than $750,000.
Beginning on March 11, refunds will be distributed to users who lost amounts below $750,000, facilitated in either USDT or USD Coin (USDC). For users affected by losses exceeding $750,000, Unizen assures a personalized resolution process.
Alongside the reimbursement initiative, the company released a comprehensive video guide to educate users on reviewing and revoking approvals within the platform, minimizing susceptibility to future vulnerabilities.
Unizen’s chief technology officer, Martin Granström, disclosed on X that Unizen has gathered sufficient evidence for a comprehensive post-mortem report and engaged third-party firms for assistance. Granström assured users that an incident report would be released shortly and also affirmed the company’s dedication to bolstering security measures, pledging increased investment in safeguarding user assets for the future.
The Unizen exploit joins a string of crypto-related exploits in February, including the recent WOOFi breach, which resulted in losses of approximately $8.75 million. As Unizen prepares to release its post-mortem report, the platform’s engineering team remains focused on restoring normal operations while bolstering security measures to safeguard user assets.