Decentralized Finance protocol, Defrost Finance has reportedly been hacked on December 23; however, blockchain security firm Peckshield, claiming “community intel,” revealed that the exploit may have been a rug pull that netted $12 million.
The Defrost team said that the first attack used a flash loan to siphon money from its V2 product in a Twitter thread published on December 25. Using the owner key, V1 was exploited in a second, more significant attack. The Avalanche blockchain’s leveraged trading protocol did not specify how much money had been taken.
The team initially claimed that Defrost v1 was not affected by the hack but advised users to “refrain from using either the V1 or V2 for the moment.” However, Doran, a core team member, has confirmed an attack on the two finance versions of Defrost. Revealing this via discord he stated that “it appears that V1 has been compromised, as well.”
According to Peckshield’s study, the attack made use of a fake collateral token and manipulated price.
A rug pull happens when developers set up a liquidity pool and then take the money out after investors have purchased the associated token. According to Defi Llama data, the total amount of money frozen on Defrost Finance, which peaked at $95 million in February, was under $13 million recently. On December 25th, it fell to less than $93,000.
Was this a Rug Pull?
The notion that this new development with Defrost Finance is a rug pull might be debatable. This is because in the previous rug pulls, the team behind the scheme went MIA and they cannot be contacted. However, in the case of Defrost Finance, they revealed via a Twitter post that they are open to negotiating with the hackers for a possible refund.
DeFiYield, which provides a security layer for smart contracts together with a cross-chain digital asset management platform to protect investors from fraud and hacking, claimed to have audited Defrost Finance a year ago and identified the smart contract flaw that was leveraged in the hack. They further added that they had warned the DeFi protocol about this vulnerability but it seems nothing was done about it.
The year 2022 has recorded a higher amount of hacks in the crypto space compared to 2021. A large number of the top dogs in the space have had their fair share of the bitter pie. Rounding up the year, another hack has been recorded, increasing the total amount that has been lost to hacks in the year 2022.
Read also:
US approves NFT as a fundraising tool for elections
How Paxos recovered $20m stolen from the FTX hack
