Preliminary Post Mortem
2021-11-05 • bZx
https://web.archive.org/web/20220531230042/https://bzx.network/blog/Prelminary-Post-Mortem
The bZx post-mortem describes a phishing-driven compromise in which a developer’s private keys were stolen, giving the attacker access to bZx deployments on BSC and Polygon while leaving the Ethereum deployment unaffected. The attacker changed proxy targets on both chains within seconds, drained protocol and user-approved funds, and used automated steps to move assets from the affected contracts. The source notes that an independent security firm analyzed the spear-phishing trojan and identified the group it believed responsible, but the excerpt does not name or substantiate a DPRK actor. Additional leads included IP addresses tied to VPN/ISP providers, a wallet connection to the Bondly Finance exploit, and FixedFloat funding traces.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | mgnr.io | 2021-11-05 | 2024-04-29 |
| URL | https://fixedfloat.com/ | 2021-11-05 | 2021-11-05 |
| URL | https://bondlyfinance.medium.co… | 2021-11-05 | 2021-11-05 |
| DOMAIN | fixedfloat.com | 2021-11-05 | 2021-11-05 |
| DOMAIN | bondlyfinance.medium.com | 2021-11-05 | 2021-11-05 |
| IPv4 | 91.234.192.52 | 2021-11-05 | 2021-11-05 |
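As an added illustration of how a defender would put the table above to work (this is not code from the bZx post-mortem or the bZx project), the following script parses the indicator rows as printed, then matches them against two constructed sample logs: a DNS resolver log and an egress proxy log. The log formats, client addresses and the `mgnr.io.evil-lookalike.net` query are all constructed; the indicator values are the page's own. The truncated `bondlyfinance.medium.co…` URL is kept exactly as the page gives it and treated as a prefix match rather than completed.

```python
"""Match the post-mortem's indicators against constructed log lines.

Added example, not part of the bZx post-mortem. Indicator values are copied
from the page's table; every log line below is a constructed sample.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Indicator rows copied from the page. The truncated URL is kept as printed;
# its trailing ellipsis is handled as a prefix match in url_matches().
IOC_TABLE = """
| DOMAIN | mgnr.io | 2021-11-05 | 2024-04-29 |
| URL | https://fixedfloat.com/ | 2021-11-05 | 2021-11-05 |
| URL | https://bondlyfinance.medium.co… | 2021-11-05 | 2021-11-05 |
| DOMAIN | fixedfloat.com | 2021-11-05 | 2021-11-05 |
| DOMAIN | bondlyfinance.medium.com | 2021-11-05 | 2021-11-05 |
| IPv4 | 91.234.192.52 | 2021-11-05 | 2021-11-05 |
"""


def parse_ioc_table(text):
    """Parse '| Type | Value | First Seen | Last Seen |' rows into dicts."""
    iocs = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        iocs.append({"type": cells[0].upper(), "value": cells[1],
                     "first_seen": cells[2], "last_seen": cells[3]})
    return iocs


# Constructed sample logs (hypothetical format, not from the page).
DNS_LOG = [
    "2021-11-04T09:12:01Z client=10.0.0.7 qname=login.mgnr.io qtype=A",
    "2021-11-04T09:12:05Z client=10.0.0.7 qname=www.example.org qtype=A",
    "2021-11-04T09:13:40Z client=10.0.0.9 qname=mgnr.io.evil-lookalike.net qtype=A",
]
PROXY_LOG = [
    "2021-11-04T09:14:22Z src=10.0.0.7 dst=91.234.192.52:443 url=https://fixedfloat.com/api/v1/",
    "2021-11-04T09:15:00Z src=10.0.0.8 dst=93.184.216.34:443 url=https://www.example.org/",
]

DNS_RE = re.compile(r"client=(?P<client>\S+) qname=(?P<qname>\S+)")
PROXY_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>[\d.]+):\d+ url=(?P<url>\S+)")


def domain_matches(qname, ioc_domain):
    """Exact or subdomain match; 'mgnr.io.evil-lookalike.net' must not match 'mgnr.io'."""
    q = qname.lower().rstrip(".")
    d = ioc_domain.lower()
    return q == d or q.endswith("." + d)


def url_matches(url, ioc_url):
    """URL indicators match as prefixes; a truncated indicator matches on its visible part."""
    if ioc_url.endswith("…"):
        return url.startswith(ioc_url[:-1])
    return url.startswith(ioc_url)


def scan(dns_lines, proxy_lines, iocs):
    """Return (source host, indicator type, indicator value) for every hit."""
    hits = []
    for line in dns_lines:
        m = DNS_RE.search(line)
        if not m:
            continue
        for ioc in iocs:
            if ioc["type"] == "DOMAIN" and domain_matches(m["qname"], ioc["value"]):
                hits.append((m["client"], "DOMAIN", ioc["value"]))
    for line in proxy_lines:
        m = PROXY_RE.search(line)
        if not m:
            continue
        host = urlsplit(m["url"]).hostname or ""
        for ioc in iocs:
            if ioc["type"] == "IPV4" and ipaddress.ip_address(m["dst"]) == ipaddress.ip_address(ioc["value"]):
                hits.append((m["src"], "IPV4", ioc["value"]))
            elif ioc["type"] == "URL" and url_matches(m["url"], ioc["value"]):
                hits.append((m["src"], "URL", ioc["value"]))
            elif ioc["type"] == "DOMAIN" and domain_matches(host, ioc["value"]):
                hits.append((m["src"], "DOMAIN", ioc["value"]))
    return hits


if __name__ == "__main__":
    for hit in scan(DNS_LOG, PROXY_LOG, parse_ioc_table(IOC_TABLE)):
        print("HIT host=%s type=%s indicator=%s" % hit)
```

Two points worth noting when triaging the output: the subdomain check deliberately rejects look-alike names that merely contain the indicator, and a hit on `fixedfloat.com` or the Bondly Medium post should be read in the light of the summary above, which cites them as funding traces and a related-exploit reference rather than as the phishing infrastructure itself, so such hits are context for an investigation rather than proof of compromise on their own.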