According to TechFlow, on September 21, according to the monitoring of Web3 security agency Ancilia, Inc., 9,900 additional ShezETH tokens were minted, and then exchanged for 332 ETH, which is about $880,000 at the current market price. ShezmuUSD tokens also suffered a security vulnerability and 98 billion were illegally minted.
Analysis shows that a specific address (0x59247625a6a9f31a60a6f7749d9ce319b5ff0e9c) obtained the minting permission 17 days ago, which may be the key point of the attack. It is not yet clear whether this incident is due to the leakage of the deployer's private key, and the investigation is still ongoing. The mortgage contract of the Shezmu protocol has a major design flaw and lacks the necessary mint() function protection mechanism, allowing any address to perform minting operations.