Blockchain security firm SlowMist has estimated that $55 million (USD) or more in cryptocurrency was stolen by cyber criminals from the bZx Decentralized Financing (DeFi) platform. bZx publicly disclosed that one of their platform developers clicked on a phishing email attachment that contained a malicious macro embedded into it. The later stages of the attack emptied the developer’s personal cryptocurrency wallet and stole private keys that were being utilized by the platform for integration with the Polygon and Binance Smart Chain (BSC) blockchains. As a result, criminals were able to use these private keys to steal cryptocurrency from the Polygon and BSC funds, as well as from any users who enabled unlimited spending tokens for Polygon and BSC on their accounts. bZx has said it is working with cryptocurrency exchanges to track the attacker and freeze exchanges in an effort to return as many of the stolen funds as possible.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in