Crypto lender Shezmu successfully recovered the majority of its stolen funds through direct negotiation with the hacker responsible for exploiting one of its ShezmuUSD (ShezUSD) stablecoin vaults. The incident, which came to light on September 21, initially raised concerns about the security of the platform and the safety of user funds.
Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, first alerted the public about the compromised Shezmu storage vault. While the exact nature of the incident – whether a deliberate “rug pull” or a genuine external hack – remained uncertain at the outset, Shou confirmed that roughly $4.9 million worth of cryptocurrencies had been stolen.
Shezmu promptly confirmed the security breach, acknowledging that one of its ShezmuUSD stablecoin vaults had been exploited. In a decisive and unconventional move, the platform publicly called upon the hacker to return the stolen funds. Shezmu offered a 10% bounty reward in exchange for the return of 90% of the stolen assets within a 24-hour timeframe. The platform assured the hacker that there would be no legal repercussions if they cooperated and indicated that law enforcement would only be involved if the hacker refused to return the funds.
The hacker responded to Shezmu’s offer with a counter-proposal, demanding a 20% bounty instead of the initial 10%. Demonstrating a commitment to recovering user funds, Shezmu agreed to the hacker’s demand.
This negotiation tactic proved successful. Within hours of accepting the 20% bounty, Shezmu began receiving the stolen Dai tokens back into its wallet. The hacker initially returned 282.18 Ether (ETH), followed by a further refund of 137 Wrapped Ether (WETH).
Shezmu advised users to avoid interacting with its decentralized application (DApp) until further notice. They also highlighted that Shezmu had successfully recovered 282.18 ETH from a “white hat” bounty hunter, suggesting that the hacker may have been motivated by ethical considerations as well as financial gain.
Additionally, Ancilia monitoring reported on X that Shezmu (ShezETH) had been attacked, potentially due to a key leak, resulting in the minting of an extra 9,900 ShezETH tokens, which were then exchanged for 332 ETH, valued at $880,000. They further noted that the ShezmuUSD vault was also compromised and that the collateral contract lacked sufficient protection, allowing anyone to mint collateral tokens.
With the exception of “white hat bounties” all the missing Shezmu funds have been recovered at the time of reporting. Nonetheless, Shezmu has advised investors to exercise caution and limit their interactions with its Oasis vault pending further updates.