Decentralized finance (DeFi) protocol Unizen recently suffered a security breach that resulted in unauthorized access to, and the loss of, around $2.1 million in user funds. Blockchain analytics firm PeckShield identified the breach on March 9 and highlighted an “approve issue” within the DeFi platform that led to the funds being drained. Following this discovery, security advisories were promptly issued urging users to revoke approvals to prevent further losses.
Further investigation by blockchain security firm SlowMist confirmed the total losses and attributed them to an open external call vulnerability. The hacker exploited this vulnerability in the Ethereum-based contract and converted the stolen USDT to DAI. To prevent additional losses, users were advised to revoke any approvals associated with the hacker’s address.
In response to the breach, Unizen took immediate action to address the situation. The company pledged to reimburse affected users who lost up to $750,000, aiming to restore confidence in its platform and demonstrate its commitment to user protection. Unizen also initiated cooperation with law enforcement and forensic experts to identify the perpetrator and recover the stolen funds.
Unizen’s CEO and founder, Sean Noga, personally extended loans to facilitate the refunds, with the reimbursement process commencing on March 11 for users who lost less than $750,000. Refunds are being distributed in either USDT or USD Coin (USDC), with a personalized resolution process in place for users affected by larger losses.
To educate users on enhancing their security measures, Unizen released a comprehensive video guide on reviewing and revoking approvals within the platform. The company’s chief technology officer, Martin Granström, confirmed that a post-mortem report is in progress, with third-party firms assisting in the investigation. Unizen remains dedicated to strengthening its security measures and safeguarding user assets in the future.
As Unizen prepares to release its post-mortem report, the platform’s engineering team is focused on restoring normal operations and enhancing security to prevent similar incidents. This incident underscores the importance of robust security measures in the DeFi space and the ongoing efforts to protect user funds in the evolving digital landscape.
Ian is a cryptocurrency enthusiast blending humor with professionalism. With an engineering background and a storyteller's heart, he simplifies the blockchain world with sharp analysis and a touch of wit. At Cryptowire, he brings his unique perspective to make digital financial innovation accessible to all.