Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
“Merry Christmas guys. We got a lump of coal from Santa Claus,” wrote one user in response to the allegations and the incident.
On Dec. 26, blockchain security firm CertiK issued a warning alleging that Defrost Finance, a decentralized leverage-trading platform on the Avalanche blockchain that recently suffered an exploit, is an “exit scam.” The move came just as Defrost announced that “the hacker involved in the V1 hack [but not the v2 hack] has returned the funds.” CertiK wrote:
“On 24 December we have seen an #exitscam on @Defrost_Finance. We have attempted to contact multiple members of the team but have had no response. The team are not KYC’d but we are using all the information that we do have to assist with authorities.”
On Dec. 23, Defrost Finance suffered a flash loan attack that drained protocol users of $12 million in assets on its v1 and v2 protocols. Immediately after the exploit, blockchain analytics firm PeckShield also issued a warning, alleging the operation was a “rugpull”:
“We received community intel warning the rugpull of @Defrost_Finance.Our analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M.”
In a brief post-mortem analysis, project developers said that hackers also managed to steal the owner key for a much larger attack on its v1 protocol than the flash loan exploit. Defrost has offered to negotiate “sharing 20% (negotiable) of the funds in exchange for the bulk of assets and are calling on the hackers to contact us asap.”
After posting an Ethereum wallet address on its social page, close to $3 million worth of digital assets had been transferred there at the time of publication. In a Medium post published hours later, Defrost explained that the v1 hacker had returned the stolen funds to an address controlled by the project developers.
“We will soon start scanning the data on-chain to find out who owned what prior to the hack in order to return them to the rightful owners. As different users had variable proportions of assets and debt, this process might take a little. However, it will be concluded fairly swiftly.”
CertiK's Skynet alert for Defrost. Source: CertiK
This is a developing story and will be updated accordingly.
Update (Dec. 26 at 3:50 pm UTC): Added information from Derost regarding the return of funds from the v1 attacker
Publication date
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.