Until now, Defrost Finance had not publicly commented on the rug-pull allegations in the media.
Defrost Finance, the decentralized trading platform that was the victim of a $12 million hack in the days leading up to Christmas, has denied allegations that it “rugged” its users as part of an elaborate “exit scam.”
On December 23, the platform announced that it had been the victim of a flash loan attack, which resulted in the draining of user funds from its v2 protocol. A day later, a hacker stole the admin key for a second “much larger” attack on the v1 protocol.
It is believed that the attacker or attackers carried out the flash loan attack by including a bogus collateral token and a malicious price oracle in order to liquidate users.
Observers, including blockchain security firms Peckshield and CertiK, as well as asset management platform DeFiYield, have suggested that members of the team may have been behind the “exit scam” — given that the exploit required an admin key.
However, in an exclusive statement to Cointelegraph on December 28, the team behind Defrost Finance broke its silence on the accusations, stating, “We deny the accusations that the team rugged users. As much as the incident may cause public skepticism, a compromised key does not imply a rugpull.”
Defrost’s denial of involvement was based on two key arguments.
First, Defrost claimed that if they had planned to stage a rug pull, they would have done so months ago, when the rug’s total value locked (TVL) approached $200 million.
Defrost Finance’s TVL had dropped to just $13.14 million on December 23, the day of the first attack, according to DefiLlama.
“Anyone behind a rugpull would almost certainly have defrauded investors when our TVL was 15 times what it is now.”
Second, Defrost contended that if they were the perpetrators, they would have “fled” long ago, which they have not done.
“[Anyone] anticipating the inevitable attention from the crypto community would have fled long ago. “Yet here we are, working to return the funds to their rightful owners,” the statement said.
The announcement by Defrost Finance came just hours after the decentralized finance investment platform DeFiYield accused Defrost Finance of “rug pulling” its users in a Medium blog post on December 27.
DeFiYield cited on-chain data claiming that the creator of the multisig wallet was the same address that requested and later approved the transactions that inserted the malicious source oracle that liquidated users.
It also claimed that the developers behind Defrost Finance were the same as those behind Phoenix Finance (FinNexus), which was exploited for $7.6 million in what some speculated was a “inside job” in May 2021.
