In the wake of a recent security breach causing the loss of around $2.1 million in user funds, Unizen, a decentralized finance (DeFi) protocol, has acted promptly. To address the situation, Unizen has committed to reimbursing affected users, covering losses of up to $750,000 each. This initiative is aimed at rebuilding trust in the platform and reaffirming Unizen’s dedication to safeguarding user interests.
DeFi Platform Unizen Faces $2.1 Million Loss in Unauthorized Access Security Breach
PeckShield, a blockchain analytics firm, flagged an “approve issue” within the DeFi platform on March 9, indicating unauthorized access and the draining of over $2 million in funds. Security advisories were promptly issued, advising users to revoke approvals to stem further losses.
Subsequently, SlowMist, another blockchain security firm, conducted an investigation confirming total losses of approximately $2.1 million, tracing them back to an open external call vulnerability.
After exploiting this vulnerability in the Ethereum-based contract, the hacker converted the pilfered USDT to DAI. The funds currently remain idle, and users are urged to revoke any approvals linked to the hacker’s address to forestall additional losses.
Following the breach, Unizen promptly acknowledged the incident and reassured users of its concerted efforts to bolster platform security and thwart future breaches. The company has introduced a dedicated form to address concerns raised by affected users and cautioned against engaging with unofficial Unizen accounts on social media platforms.
On March 10, Unizen initiated collaboration with law enforcement and forensic experts to identify the perpetrator. Taking proactive steps, Unizen reached out to the hacker through on-chain messages, urging the return of the pilfered funds. To demonstrate ownership, a transfer was made from the foundation wallet to the hacker’s Ethereum wallet.
Emphasizing its ongoing cooperation with law enforcement, Unizen appealed for the swift return of the funds to preempt further legal action. As an incentive for cooperation, the company offered a 20% bounty as a token of appreciation for any white-hat efforts.
Unizen’s Reimbursement Plan Following an Unauthorized Access Breach
As discussions regarding the bounty continued, Unizen took proactive measures to alleviate the impact on affected users. On March 11, the company announced its commitment to immediately reimburse 99% of victims, prioritizing a thorough and personalized approach to the reimbursement procedure.
Sean Noga, the founder and CEO of Unizen, extended personal loans to expedite the refunds, which commenced on the same day for users with losses under $750,000.
Starting March 11, reimbursements will be disbursed in either USDT or USD Coin (USDC) to users who incurred losses below $750,000. For users whose losses exceed $750,000, Unizen assures a tailored resolution process.
In addition to the reimbursement initiative, Unizen has rolled out a comprehensive video guide aimed at educating users on reviewing and revoking approvals within the platform. This move seeks to minimize susceptibility to future vulnerabilities among its user base.
Unizen’s Chief Technology Officer, Martin Granström, disclosed on X that the company has amassed ample evidence for a thorough post-mortem report and has enlisted the support of third-party firms for assistance. Granström assured users that an incident report would be forthcoming and reiterated the company’s commitment to fortifying security measures. He pledged increased investment in safeguarding user assets for the future.
The Unizen exploit adds to a series of crypto-related breaches in February, including the recent WOOFi breach, which incurred losses of approximately $8.75 million. As Unizen prepares to unveil its post-mortem report, the platform’s engineering team remains focused on restoring normal operations while enhancing security measures to protect user assets.