TechFlow reports that on September 21, according to Web3 security firm Ancilia, Inc., an additional 9,900 ShezETH tokens were minted and subsequently swapped for 332 ETH, worth approximately $880,000 at current market prices. The ShezmuUSD token was also compromised, with 98 billion tokens illegally minted.
Analysis indicates that a specific address (0x59247625a6a9f31a60a6f7749d9ce319b5ff0e9c) gained minting privileges 17 days ago, which may have been the critical vulnerability exploited in the attack. It remains unclear whether the incident stemmed from a compromise of the deployer's private key, and the investigation is ongoing. The Shezmu protocol's collateral contract has a significant design flaw: it lacks proper access control on the mint() function, allowing arbitrary addresses to mint tokens.




