Unizen to reimburse victims after $2.1 million defi breach

Unizen, a decentralized finance (defi) protocol, has committed to reimbursing users who lost $750,000 or less at the earliest opportunity, following a significant security breach that resulted in the loss of approximately $2.1 million in user funds.

Blockchain analytics firms PeckShield and SlowMist played crucial roles in identifying and assessing the breach on March 9.

PeckShield first detected an “approve issue” on March 9, leading to the discovery that over $2 million had been siphoned from the platform. SlowMist’s investigation confirmed the total losses amounted to around $2.1 million, noting that the stolen funds were converted from Tether (USDT) to the stablecoin Dai (DAI).

The hacker exploited an external call vulnerability within the Ethereum-based contract, converting the stolen USDT to DAI. The funds remain stationary, with users urged to revoke any approvals associated with the hacker’s address to prevent additional losses.

In response to the theft, Unizen proactively reached out to the hacker with an on-chain message on March 10, offering a 20% bounty for the return of the remaining stolen assets. The company has also engaged with law enforcement and forensic experts to trace the hacker’s identity.

Despite the ongoing negotiations for the bounty, Unizen announced on March 11 its plan to begin compensating 99% of the victims immediately, prioritizing a meticulous, individualized approach to the reimbursement process.