Defrost Finance Attacked and Hacked
Although blockchain security company Peckshield claimed, citing “community information,” that the decentralized finance protocol Defrost Finance was hacked on December 23, it may have actually been a scam to steal $12 million.
The Defrost team claimed in a tweet thread published on December 25 that the first attack used a flash loan to siphon money from its V2 product. In a second, more significant attack, the owner key was used to exploit V1. The leveraged trading protocol, which runs on the Avalanche blockchain, didn’t specify how much money had been taken.
1/4 The Defrost team has been working around the clock to find out more details concerning the events of the past 48 hours.
A thread ⬇️
— Defrost Finance 🔺 (@Defrost_Finance) December 25, 2022
According to Peckshield’s analysis, the attack made use of a fake collateral token and a manipulated price.
A rug pull can happen if developers set up a liquidity pool and then take the money out after investors have purchased the associated token. According to Defi Llama data, the total amount of money held on Defrost Finance, which peaked at $95 million in February, has recently been around $13 million. On December 25th, that fell to less than $93,000.
If the attack was a rug pull, it would be a unique one. Usually, the group responsible for the scheme disappears and cannot be reached. However, Defrost Finance stated in a tweet that it is open to negotiating with the perpetrators of the attack for a return of the funds. An attempt to contact the company on Twitter was unsuccessful because the account has direct messages disabled.
DeFiYield, a cross-chain digital asset management platform that provides a security layer for smart contracts to protect investors from being scammed or hacked, claimed to have audited Defrost Finance a year ago and identified the smart contract flaw that was exploited in the breach.
⚡️ We have warned DeFi Community about the smart contract vulnerability @Defrost_Finance used to rug pull its users.
1 year ago we performed an audit on Defrost.
Audit link: https://t.co/u2JBm7zAq8
Don't wanna get scammed in Crypto?
Follow DeFiYield Audits! 🚨 https://t.co/4Osx19KE0f pic.twitter.com/eIgx3rFn69
— De.Fi 🛡️ Web3 Antivirus (@DeDotFiSecurity) December 25, 2022
According to research by Chainalysis, crypto investors lost over $2.8 billion to rug pullers last year. Rug pulls accounted for 37% of the more than $7.7 billion in criminal profits generated by cryptocurrency schemes that year. The number in 2022 is probably higher: according to research from the blockchain risk monitoring company Solidus Labs, scammers have used over 117,000 scam tokens as of December 1, 41% more than they did in all of 2021.