Verify a decision

{"actor":"system:backfill","investigation_id":"1dafc2ab-6e3c-49dc-bb1c-78c65c176fd3","kind":"publish","page_slug":"unizen","published_at":"2026-05-28T08:10:51.904Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Unizen","sections":[{"content":"On March 8, 2024, Unizen's DEX aggregation smart contract on Ethereum was exploited for approximately $2.1 million in USDT. Blockchain security firm PeckShield identified the root cause as an unsafe external call vulnerability introduced when Unizen upgraded its trade aggregator contract to optimize gas fees and increase token spending limits. The vulnerability allowed attackers to drain funds from user accounts that had previously approved the contract for token spending. The attack comprised 14 transactions across two primary attack contracts. Attackers converted the stolen USDT into DAI via Uniswap. PeckShield publicly disclosed the flaw and recommended that users revoke approvals. Security firm SlowMist independently confirmed losses of approximately $2.1 million. Proof-of-concept exploit code was subsequently published to the DeFiHackLabs repository on GitHub, demonstrating full reproducibility of the attack.","heading":"March 2024 Smart Contract Exploit","severity":"critical","sources":[{"credibility":2,"name":"Explained: The Unizen Hack (March 2024) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-unizen-hack-march-2024"},{"credibility":2,"name":"The Unizen Hack: A $2.1M Lesson in Smart Contract Vulnerability — Vidma","type":"research","url":"https://www.vidma.io/blog/the-unizen-hack-a-2-1m-lesson-in-smart-contract-vulnerability"},{"credibility":2,"name":"$2 Million DeFi Exploit Highlights Smart Contract Risks — BeInCrypto","type":"news_article","url":"https://beincrypto.com/unizen-defi-hack-million/"},{"credibility":2,"name":"Unizen platform hacked for $2.1 million — Web3 Is Going Great","type":"community_report","url":"https://www.web3isgoinggreat.com/?id=unizen-hack"}]},{"content":"On March 11, 2024, Unizen announced an immediate reimbursement plan. CEO and founder Sean Noga personally loaned the majority of the required funds to the company for payouts. Unizen stated it would make over 99% of affected users whole. Users who lost $750,000 or less received instant reimbursement in USDT or USDC. Users who lost more than $750,000 were handled on a case-by-case basis. The company simultaneously sent on-chain messages to the attacker offering a 20% bounty for the return of remaining stolen funds; the attacker did not respond. Unizen also committed to enhanced security practices and stated it was collaborating with third-party security firms and law enforcement to identify the hacker.","heading":"Reimbursement Response","severity":"medium","sources":[{"credibility":2,"name":"Unizen Announces Instant Reimbursement for $2.1M Hack Victims — Coinspeaker","type":"news_article","url":"https://www.coinspeaker.com/unizen-reimbursement-2-1m-hack-victims/"},{"credibility":2,"name":"DeFi protocol Unizen to provide immediate reimbursement after $2.1M hack — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/unizen-hack-immediate-refund"},{"credibility":2,"name":"Unizen Pledges Reimbursements After $2.1M Loss in Platform Breach — CryptoNews","type":"news_article","url":"https://cryptonews.com/news/unizen-security-breach-results-1m-loss-vows-reimbursments/"}]},{"content":"On August 7, 2024, PeckShield flagged the first movement of stolen funds since the March 8 exploit. The attacker transferred 2,179,859 DAI to an intermediate wallet, converted it to approximately 865.4 ETH (worth roughly $2.16 million at the time), and routed the ETH through Tornado Cash across 26 separate transactions. The use of the mixing service effectively obfuscated the trail of the stolen funds. Unizen's CTO Martin Granström stated the company continued to work with security experts and law enforcement, though no public announcement of an arrest or fund recovery has been made as of the time of this investigation.","heading":"Fund Laundering via Tornado Cash","severity":"critical","sources":[{"credibility":2,"name":"Unizen hacker transfers $2.1M stolen funds to Tornado Cash — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/defi-protocol-hacker-siphons-2-1m-unizen-loot"},{"credibility":2,"name":"Unizen Hacker Moves Stolen $2.1 Million to Tornado Cash — Coinspeaker","type":"news_article","url":"https://www.coinspeaker.com/unizen-hacker-2-1m-tornado-cash/"},{"credibility":2,"name":"Unizen Hack Update: Over $2 Million Laundered by Hacker Through Tornado Cash — CoinMarketCap/CoinPedia","type":"news_article","url":"https://coinmarketcap.com/community/articles/66b35f5d8fa5345ac7296455/"},{"credibility":2,"name":"Unizen attacker moves $2.1m via Tornado Cash — Crypto.news","type":"news_article","url":"https://crypto.news/unizen-attacker-moves-2-1m-via-tornado-cash/"}]},{"content":"Prior to the March 2024 exploit, Unizen had engaged Halborn and Verichain to conduct security audits in 2022. Despite these audits, neither firm identified the class of vulnerability that was ultimately exploited. The Vidma post-mortem noted that the vulnerability was introduced during an upgrade — a change that occurred after the existing audits were completed — and that no new audit was conducted for the upgraded contract. The incident illustrated a recognized gap in DeFi security practices: point-in-time audits do not cover post-deployment contract upgrades unless each upgrade is independently reviewed. Proof-of-concept code for the exploit was published publicly on the DeFiHackLabs GitHub repository after the attack.","heading":"Audit Failures and Security Practices","severity":"high","sources":[{"credibility":2,"name":"The Unizen Hack: A $2.1M Lesson in Smart Contract Vulnerability — Vidma","type":"research","url":"https://www.vidma.io/blog/the-unizen-hack-a-2-1m-lesson-in-smart-contract-vulnerability"},{"credibility":2,"name":"Explained: The Unizen Hack (March 2024) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-unizen-hack-march-2024"}]},{"content":"Unizen operates as a cross-chain enabled DEX aggregator and smart exchange ecosystem under the corporate entity Zen Innovations Pte Ltd., incorporated in Singapore. The platform's native utility token, ZCX, is listed on several centralized exchanges and functions as a governance, staking, and fee-reduction instrument. The token reached an all-time high of approximately $6.97 on September 14, 2021, and has since declined significantly. Unizen is building ZenChain, an EVM-compatible Layer-1 blockchain designed for cross-chain interoperability. A Q1 2025 mainnet launch was publicly targeted; internal testnet was reported live as of late 2024. CEO Sean Noga has been involved in crypto since 2014 and previously served at Jun Capital, a crypto venture capital firm. Noga does not maintain a LinkedIn profile; his professional background relies largely on self-reported information via Unizen's own channels.","heading":"Platform Background and Token","severity":"medium","sources":[{"credibility":2,"name":"What is Unizen (ZCX)? — Gate.com","type":"other","url":"https://www.gate.com/learn/articles/what-is-unizen-zcx/5477"},{"credibility":2,"name":"Unizen (ZCX): Your Gateway to Effortless Omni-Chain Crypto Trading — Phemex","type":"other","url":"https://phemex.com/academy/what-is-unizen-zcx"},{"credibility":3,"name":"Unizen to Launch ZenChain Mainnet in Q1 — Coindar","type":"other","url":"https://coindar.org/en/event/unizen-to-launch-zenchain-mainnet-in-q1-122863"}]},{"content":"As of mid-2025, Unizen reported continued platform development including SDK updates, new DEX integrations (UniswapX, 1inch, Bebop), and cross-chain routing improvements. The platform remained operational across Ethereum, Polygon, BNB Chain, Arbitrum, Optimism, Avalanche, Base, and Fantom. A mobile application launch and ZenChain mainnet were included in the published roadmap. No regulatory actions, law enforcement charges, or confirmed fund recovery related to the March 2024 hack have been publicly reported as of the time of this investigation.","heading":"Current Operational Status","severity":"low","sources":[{"credibility":2,"name":"What is Unizen? (2025 Update) — Gate.com","type":"other","url":"https://www.gate.com/learn/articles/what-is-unizen/2832"},{"credibility":2,"name":"Unizen Overview — Documentation","type":"official","url":"https://docs.unizen.io/"}]}],"sources_used":[{"credibility":2,"name":"Explained: The Unizen Hack (March 2024) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-unizen-hack-march-2024"},{"credibility":2,"name":"The Unizen Hack: A $2.1M Lesson in Smart Contract Vulnerability — Vidma","type":"research","url":"https://www.vidma.io/blog/the-unizen-hack-a-2-1m-lesson-in-smart-contract-vulnerability"},{"credibility":2,"name":"Unizen Announces Instant Reimbursement for $2.1M Hack Victims — Coinspeaker","type":"news_article","url":"https://www.coinspeaker.com/unizen-reimbursement-2-1m-hack-victims/"},{"credibility":2,"name":"$2 Million DeFi Exploit Highlights Smart Contract Risks — BeInCrypto","type":"news_article","url":"https://beincrypto.com/unizen-defi-hack-million/"},{"credibility":2,"name":"Unizen platform hacked for $2.1 million — Web3 Is Going Great","type":"community_report","url":"https://www.web3isgoinggreat.com/?id=unizen-hack"},{"credibility":2,"name":"DeFi protocol Unizen to provide immediate reimbursement after $2.1M hack — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/unizen-hack-immediate-refund"},{"credibility":2,"name":"Unizen hacker transfers $2.1M stolen funds to Tornado Cash — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/defi-protocol-hacker-siphons-2-1m-unizen-loot"},{"credibility":2,"name":"Unizen Hacker Moves Stolen $2.1 Million to Tornado Cash — Coinspeaker","type":"news_article","url":"https://www.coinspeaker.com/unizen-hacker-2-1m-tornado-cash/"},{"credibility":2,"name":"Unizen attacker moves $2.1m via Tornado Cash — Crypto.news","type":"news_article","url":"https://crypto.news/unizen-attacker-moves-2-1m-via-tornado-cash/"},{"credibility":2,"name":"Unizen Pledges Reimbursements After $2.1M Loss — CryptoNews","type":"news_article","url":"https://cryptonews.com/news/unizen-security-breach-results-1m-loss-vows-reimbursments/"},{"credibility":2,"name":"DeFi Trading Platform Unizen Exploited For $2 Million, Offers 20% Bounty — IBTimes","type":"news_article","url":"https://www.ibtimes.com/defi-trading-platform-unizen-exploited-2-million-offers-20-bounty-3726877"},{"credibility":2,"name":"What is Unizen? (2025 Update) — Gate.com","type":"other","url":"https://www.gate.com/learn/articles/what-is-unizen/2832"},{"credibility":3,"name":"Unizen to Launch ZenChain Mainnet in Q1 — Coindar","type":"other","url":"https://coindar.org/en/event/unizen-to-launch-zenchain-mainnet-in-q1-122863"}],"summary":"Unizen is a cross-chain DEX aggregator and smart exchange ecosystem operating on Ethereum and multiple other networks, with a native utility token ZCX. On March 8, 2024, the platform suffered a $2.1 million exploit caused by an unsafe external call vulnerability introduced during a smart contract upgrade; the attacker subsequently laundered the stolen funds through Tornado Cash in August 2024. Despite a CEO-funded reimbursement covering approximately 99% of affected users, the incident raised significant questions about upgrade security practices given that two prior audits (Halborn, Verichain 2022) had not caught the flaw.","timeline":[{"date":"2021-09-14","event":"ZCX token reaches all-time high of approximately $6.97.","source":"CoinGecko","source_url":"https://www.coingecko.com/en/coins/unizen"},{"date":"2022-01-01","event":"Unizen engages Halborn and Verichain for security audits of smart contracts.","source":"Vidma post-mortem","source_url":"https://www.vidma.io/blog/the-unizen-hack-a-2-1m-lesson-in-smart-contract-vulnerability"},{"date":"2024-03-08","event":"Unizen DEX aggregation smart contract exploited for approximately $2.1 million in USDT via an unsafe external call vulnerability introduced during a contract upgrade. PeckShield identifies the flaw.","source":"BeInCrypto / PeckShield","source_url":"https://beincrypto.com/unizen-defi-hack-million/"},{"date":"2024-03-08","event":"Unizen team sends on-chain messages to attacker offering a 20% bounty for return of stolen funds.","source":"Web3 Is Going Great","source_url":"https://www.web3isgoinggreat.com/?id=unizen-hack"},{"date":"2024-03-11","event":"CEO Sean Noga announces personal loan of reimbursement funds to cover over 99% of affected users; immediate payouts begin in USDT/USDC for losses under $750,000.","source":"Coinspeaker","source_url":"https://www.coinspeaker.com/unizen-reimbursement-2-1m-hack-victims/"},{"date":"2024-08-07","event":"PeckShield flags the first movement of stolen funds since the March exploit. Attacker converts 2,179,859 DAI to 865.4 ETH and routes it through Tornado Cash across 26 transactions.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/defi-protocol-hacker-siphons-2-1m-unizen-loot"},{"date":"2025-08-07","event":"Unizen reports infrastructure overhaul including SDK fixes, new DEX integrations, and deployment of a DRIP reward mechanism with TVL-linked staking APR.","source":"CoinMarketCap AI summary","source_url":"https://coinmarketcap.com/cmc-ai/unizen/latest-updates/"}]},"v":1}