The Vulnerability: ShezUSD Borrowing Without Restriction
In a recent incident, Shezmu, a decentralized finance (DeFi) protocol, fell victim to a significant exploit that resulted in the loss of $5 million. The hacker took advantage of a previously unexploited vulnerability within one of Shezmu’s vault systems. This vulnerability allowed the attacker to mint collateral without any restrictions and then borrow ShezUSD against it without limit. As a result, the perpetrator siphoned off approximately $5 million from the platform.
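The flaw described above, reduced to a small Python model that is added here as an illustration and is not Shezmu's code: a collateral token whose mint has no access check lets any account create the backing for its own loan, while a minter role stops it and a vault debt ceiling bounds it. The class names, the 80% loan-to-value ratio and the debt ceiling are assumptions.

```python
# Constructed model, not Shezmu's contracts; names, 80% LTV and ceiling are assumptions.
class CollateralToken:
    def __init__(self, minter=None):
        self.minter = minter  # None models the flaw: mint() has no access check
        self.balances = {}

    def mint(self, caller, to, amount):
        if self.minter is not None and caller != self.minter:
            raise PermissionError("mint is restricted to the minter role")
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, sender, to, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Vault:
    LTV_BPS = 8000  # assumed 80% loan-to-value
    def __init__(self, token, debt_ceiling=None):
        self.token = token
        self.debt_ceiling = debt_ceiling  # second control: cap on total debt
        self.collateral, self.debt, self.total_debt = {}, {}, 0

    def deposit(self, user, amount):
        self.token.transfer(user, "vault", amount)
        self.collateral[user] = self.collateral.get(user, 0) + amount

    def borrow(self, user, amount):
        limit = self.collateral.get(user, 0) * self.LTV_BPS // 10_000
        if self.debt.get(user, 0) + amount > limit:
            raise ValueError("exceeds collateral limit")
        if self.debt_ceiling is not None and self.total_debt + amount > self.debt_ceiling:
            raise ValueError("exceeds vault debt ceiling")
        self.debt[user] = self.debt.get(user, 0) + amount
        self.total_debt += amount

def worst_case_unbacked_debt(token, vault, amount):
    """Debt the vault issues against collateral self-minted by a non-minter account."""
    try:
        token.mint("outsider", "outsider", amount)
    except PermissionError:
        return 0  # hardened token: there is nothing to deposit
    vault.deposit("outsider", amount)
    want = amount * vault.LTV_BPS // 10_000
    if vault.debt_ceiling is not None:
        want = min(want, vault.debt_ceiling - vault.total_debt)
    vault.borrow("outsider", want)
    return vault.total_debt
```

With the unrestricted token the issued debt scales with whatever amount is minted; the vault's collateral check passes because the collateral itself is the problem.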
Negotiation with the Hacker
After discovering the breach, Shezmu initiated contact with the hacker in an attempt to negotiate the return of the stolen funds. Initially, Shezmu offered a 10% bonus if the tokens were returned. The hacker countered with a demand for a 20% bonus, to which Shezmu agreed. This negotiation led to a sort of white-hat settlement, in which the hacker returned the funds and no further legal action was pursued. This mitigated continued financial losses and avoided lengthy legal battles.
Recovery of Stolen Funds
Remarkably, in less than a day, the hacker began to return the stolen assets. The initial returns included DAI, 419.18 ETH, and wrapped ETH (wETH). Shezmu has since assured the full recovery of the remaining funds and has laid out a clear strategy for compensating the impacted liquidity providers (LPs).
Shezmu has committed to taking screenshots of LPs holding ShezUSD and ShezETH paired assets across platforms like Curve, Balancer, and Beefy. These LPs will receive airdrops of the recovered funds, covering 80% of the lost liquidity. The remaining 20% will be compensated by selling Shezmu’s debt tokens, which will later be redeemed using protocol fees and treasury assets.
In addition, Shezmu has activated the recovery mode for its Balancer ShezETH pool. This mode allows LPs to withdraw their investments proportionally but restricts any new deposits or swaps on the pool. The protocol has promised to release a comprehensive post-mortem report detailing the incident and outlining measures to enhance security and prevent future exploits.