According to Foresight News, Shezmu, a leveraged yield protocol, issued a notice that one of its vaults had been exploited and users were advised not to interact with its DApp until further notice. Shezmu announced that it had offered a 10% bounty to the hacker for the funds exploited, which must be returned within 24 hours. Shezmu updated that it had recovered 282.18 ETH from a white hat bounty hunter.
According to Ancilia monitoring, Shezmu (ShezETH) was attacked, possibly due to a key leak, and an additional 9,900 ShezETH tokens were minted and exchanged for 332 ETH (worth $880,000). The minter was awarded the contract 17 days ago. In addition, ShezmuUSD was also hacked, and it is impossible to determine whether this is related to the Deployer key leak. The mortgage contract has no mint() protection, which allows anyone to mint mortgage tokens.