April 21, 2022

Beosin’s Analysis of the ZEED Exploit

On April 21th, 2022, according to Beosin EagleEye, ZEED’s contract on BNB Chain was exploited for about $100M. Beosin security team analyzed the incident and the findings are shown below.

ZEED Introduction

ZEED is a decentralized financial ecosystem deployed on BNB Chain.

Relevant Information

Transaction hash:


Hacker address:


Hacker contract:


Victim contract:


Exploitation Flow

1.The hacker transfers to the three trading pairs ZEED, HOR, USDT through YEED respectively.

2. Repeat this operation several times.

3. Since ZEED tokens are calculated by adding or subtracting directly from the balance of the trading pair, this vulnerability can be utilized to increase the balance and get excess rewards from the pair.

Vulnerability Analysis

This attack mainly exploits the fact that ZEED contract directly calculates the balance using rewardFee passed in, but does not use the separate calculation of zedreward, horward, usdtreward, so that the hacker can exploit the calculation vulnerability to profit.

Fund Tracing

As of this writing, the stolen funds are estimated to be $1,043,070. The contract has been self-destructed before the hacker transfers out the funds.


In response to this incident, Beosin security team recommends:

1. Do not directly add or subtract trading pairs in tokens with dividends.

2. Before the project goes live, it is highly recommended to choose a professional security audit company to conduct a comprehensive security audit to avoid security risks.

If you have need any blockchain security services, please contact us:

Website Email Official Twitter Alert Telegram LinkedIn

Related Project

Related Project Secure Score

Guess you like
Learn More
  • $34M Locked Due to Contract Vulnerabilities in Akutar: Beosin’s Full Analysis

    April 23, 2022

  • How to quickly track assets laundered by Hacker’s Paradise-Tornado Cash? Beosin may help you

    April 21, 2022

  • Beosin Has Completed Security Audit Service of Crafting

    April 21, 2022

  • Beosin’s Analysis of the 2omb Flash Loan Attack

    April 19, 2022

Join the community to discuss.