According to Defi Llama data, the total value of funds locked on the protocol had dropped to less than $93,000 on December 25 from around $13 million.
Protocol for decentralised finance Defrost Finance said it was hacked on December 23, but blockchain security firm Peckshield speculated, citing “community intel,” that the exploit could have been a rug pull for $12 million.
The Defrost team stated in a tweet thread posted on December 25 that the first attack used a flash loan to drain funds from its V2 product. A larger attack exploited V1 using the owner key. The protocol, which provides leveraged trading on the Avalanche blockchain, did not specify the amount taken.
According to Peckshield’s analysis, the attack made use of a bogus collateral token as well as manipulated pricing.
rug pull can occur when developers create and fund a liquidity pool, only to withdraw the funds after investors have purchased the related token. According to Defi Llama data, the total value of funds locked on Defrost Finance, which peaked at $95 million in February, has dropped to around $13 million in recent weeks. On December 25, it had dropped to less than $93,000.
If the attack is a rug pull, it is quite unusual. Typically, the scheme’s team goes silent and cannot be reached. Defrost Finance, on the other hand, stated in a tweet that it is willing to negotiate a return of the funds with the perpetrators of the attack. An attempt to contact the company via Twitter was unsuccessful because direct messages were disabled on the account.
DeFiYield, which provides a security layer for smart contracts alongside a cross-chain digital asset management platform to help investors avoid being scammed or hacked, said it audited Defrost Finance a year ago and identified the smart contract vulnerability used in the hack.
According to Chainalysis, crypto investors lost over $2.8 billion last year due to rug pulls. Rug pulls accounted for 37% of the total illicit revenue from crypto scams that year, which was over $7.7 billion. The figure for 2022 is likely to be higher: According to a report from blockchain risk monitoring firm Solidus Labs, fraudsters deployed over 117,000 scam tokens through December 1, 41% more than in the entire year of 2021.