• Defrost Finance, a decentralized finance (DeFi) platform on the Avalanche blockchain, has denied claims that it „rug pulled“ the project after $12 million was siphoned out of the smart contract last week.
• The attack was perpetrated through two separate exploits, with a hacker or hackers managing to appropriate the private key and minting 100 million H20 tokens.
• Defrost Finance has since retrieved all of the funds and is optimistic that all users who lost tokens will be reimbursed.
Decentralized finance (DeFi) platform Defrost Finance has been rocked by a major attack, with $12 million siphoned out of the smart contract last week. The team behind Defrost Finance, which is based on the Avalanche blockchain, has pushed back on claims that it was a rug pull, labelling them as „slanderous and inaccurate.“
The attack was perpetrated through two separate exploits. The first targeted the V2 contract with a „flash-loan re-entrancy“ exploit, while the far larger second attack occurred on Christmas Eve. It was here that the hacker or hackers managed to successfully appropriate the private key and minted 100 million H20 tokens. The hacker then liquidated the existing vaults by manipulating the vaults‘ oracles and draining funds.
Exploits involving price oracles have become unfortunately common this year. This includes the Mango Markets incident, in which crypto investor Avraham Eisenberg was arrested in Puerto Rico for manipulating the oracle and resulting in a $114 million loss. The attacker in that case returned $67 million shortly afterwards.
Defrost Finance, which is also the group behind the failed DeFi protocol Phoenix Finance, has since retrieved all of the funds stolen in the attack. This was done by offering a bounty to the hacker and the team is now „very optimistic“ that all users who lost tokens will be reimbursed.
The incident serves as a stark reminder of the security threats that DeFi projects face. This makes it even more important for teams behind these projects to remain vigilant in their security measures and protocols. Defrost Finance’s swift actions in retrieving the funds should be commended, and the team’s optimism that all users will be reimbursed is encouraging.