Financing procedure that doesn’t rely on a central authority. However, blockchain security firm PeckShield, suggested that the exploit may have been a rug pull that made off with $12 million. Another security firm, Certik, has claimed that it cannot contact team members. Defrost Finance reported being hacked on Friday.
The Defrost team revealed the first attack on its V2 product on Sunday in a sequence of tweets. The hack employed a flash loan to steal money. A second, more extensive assault exploited V1 with the owner key. This Avalanche blockchain system, which allows for leveraged trade, does not reveal how much was stolen.
1/4 The Defrost team has been working around the clock to find out more details concerning the events of the past 48 hours.
A thread ⬇️
— Defrost Finance 🔺 (@Defrost_Finance) December 25, 2022
Based on their research, PeckShield determined that the attackers employed a bogus collateral token and price manipulation to carry out their crime.
When developers construct a liquidity pool for their token, take the money out of it after investors buy the token, and then disappear, this is known as a rug pull or exit scam. According to Defi Llama, the total worth of money frozen on Defrost Finance has dropped from its peak of $95 million in February to around $13 million in recent weeks. The sum had fallen to just $93,000 on Sunday.
This is a peculiar attack if it is a rug pull. The conspirators typically disappear when the conspiracy is exposed. However, Defrost Finance tweeted about the incident and indicated it was open to talking with the hackers who carried it out to recover the stolen funds.
However, direct messages on the account have been disabled, so attempts to contact the business via Twitter were unsuccessful.
Monday morning, Certik tweeted that it has “tried to reach numerous members of the team but have received no answer.” A graphic that accompanied the article said that this proved DeFrost to be a hoax.
An audit of Defrost Finance was completed by DeFiYield, a company that provides a security layer for smart contracts to protect investors from fraud and hacking, a year ago. DeFiYield then brought attention to the smart contract weakness used in the breach.
⚡️ We have warned DeFi Community about the smart contract vulnerability @Defrost_Finance used to rug pull its users.
1 year ago we performed an audit on Defrost.
Audit link: https://t.co/u2JBm7zAq8
Don’t wanna get scammed in Crypto?
Follow DeFiYield Audits! 🚨 https://t.co/4Osx19KE0f pic.twitter.com/eIgx3rFn69
— DeFiYield 🛡️ Web 3 Security (@DefiyieldSec) December 25, 2022
According to Chainalysis, crypto investors lost over $2.8 billion via rug pulls in 2017. Nearly $3 billion, or 37%, of the over $7.7 billion in illegal cryptocurrency earnings that year came via rug pulls. There is a good chance that the number for 2022 will be more significant: Fraudsters have used over 117,000 scam tokens by December 1st, which is 41% higher than in all of 2021, according to blockchain firm Solidus Labs.