DeFi criminals have been observed to cash in on the ‘spirit of giving.’
Decentralized finance protocol Defrost Finance became the latest victim of a flash loan attack on December 23rd that drained funds in the V2. The attacker used the owner key for the second time to exploit V1.
- According to the Twitter thread by Defrost Finance, the team is currently willing to negotiate with the individuals behind the attack and discuss sharing 20% of the funds in exchange for the bulk of assets.
- However, Peckshield said it received a “community intel” warning claiming that it was actually a rug pull of Defrost Finance. The investigator found that the share price of LSWUSDC was manipulated, which resulted in a $173,000 profit for the hacker.
- Further analysis shows the addition of a fake collateral token and a malicious price oracle that was used to liquidate current users.
- The loss is estimated to be approximately $12 million.
- Typically, in case of a rug pull, the team behind the project goes silent on social media.
- Defrost Finance’s core team member Doran, on the other hand, confirmed the flash loan that hit v2 was closed down for investigation. v1 was not impacted by the hack.
“We will keep on investigating and all relevant information will be shared with the community. We are thankful to the Defrost community for their ongoing support at this difficult time Our priority remains to recover the funds.”
- UPDATE: Hours after the exploit took place, the team behind the project said it has recovered all the funds.
The hacked funds have been returned to #DefrostFinance.
The affected users will very soon be able to claim their assets back.
— Defrost Finance 🔺 (@Defrost_Finance) December 26, 2022