The DeFi lending protocol Blueberry has paused operations after a mystery exploit. Upon discovering the exploit, Blueberry urged users to withdraw funds promptly. Responding swiftly to the exploit, Blueberry halted operations.
On February 23, the Blueberry Protocol Foundation notified users about an ongoing exploit and advised them to withdraw funds promptly while operations were suspended
Adding to the problem, users encountered difficulties in withdrawing funds, which Blueberry acknowledged as frontend issues.
During this time, users encountered temporary downtime on both the Blueberry website and app, with an error message being displayed.
Approximately 30 minutes later, Blueberry officially announced the temporary pause of the protocol and successfully restored functionality to the website.
“Funds currently deposited are no longer exploitable and we will update as we have more information.” they said.
In a subsequent update, Blueberry revealed that user c0ffeebabe.eth preempted drained funds and secured them in the Blueberry multisig.
“The team is in contact with security and comms professionals and will attempt to contact the validator to return the remaining 91 ETH.”
Initially, 457 ETH was taken, but the white hat action retrieved and returned 366 ETH to the multi-sig wallet.
The protocol team reiterated:
“Deposited funds are currently safe. Only three markets were affected and the large majority had already returned. The total validator payment (loss) is 91 ETH. We are getting in touch and aim for a full repayment to users as the goal. The protocol is paused.”
Blueberry, a decentralized lending market offering up to 20x leveraged borrowing, saw its TVL drop from $4.5 million to $3.15 million post-exploit.
C0ffeebabe gained fame for retrieving around 2,879 ETH worth $5.4 million from an exploiter and returning it to Curve Finance in July 2023.
Ironically, Blueberry posted a “security overview” on Feb.22 claiming that it “starts with a security-first approach to development and risk mitigation to prevent any internal risk brought on by protocol activity”
Blueberry also stated that it has undergone audits from Hacken and Sherlock and has done two independent token security audits. However, the X post promoting the “security review” is no longer on its feed.
Read also: Ethereum Foundation alongside zkSync allocates $900K for ZK Layer 2 development
