DeFi flash loan hacker liquidates Defrost Finance users causing $12M loss
Defrost Finance, a decentralized leveraged buying and selling platform on Avalanche blockchain, introduced that each of its variations — Defrost V1 and Defrost V2 — are being investigated for a hack. The announcement got here after buyers reported dropping their staked Defrost Finance (MELT) and Avalanche (AVAX) tokens from the MetaMask wallets.
Moments after just a few customers complained concerning the uncommon lack of funds, Defrost Finance’s core workforce member Doran confirmed that Defrost V2 was hit with a flash mortgage assault. On the time, the platform believed that Defrost V1 was not impacted by the hack and determined to shut down V2 for additional investigation.
On the time, the platform believed Defrost V1 was not impacted by the hack and determined to shut down V2 for additional investigation.
Defrost Finance is unhappy to announce that our V2 has suffered a hack, with an attacker utilizing a flash mortgage perform to withdraw funds.
The V1 just isn’t affected. We are going to quickly shut the V2 UI and examine additional with our tech workforce.
Updates might be posted on our official channels.
— Defrost Finance (@Defrost_Finance) December 24, 2022
Blockchain investigator PeckShield discovered that the hacker manipulated the share worth of LSWUSDC, resulting in a achieve of roughly $173,000 for the hacker. Upon additional evaluation, PeckShield’s investigation revealed:
“Our evaluation exhibits a pretend collateral token is added and a malicious worth oracle is used to liquidate present customers. The loss is estimated to be >$12M.”
Whereas the corporate proactively introduced the hack, the group suspects a rug-pull scenario at play.
Defrost V1 was initially introduced unaffected by the hack as the primary model of Defrost lacked a flash mortgage perform.
Nonetheless, the platform later acknowledged an emergency for V1 as effectively, stating:
“Our workforce is presently investigating. We kindly ask the group to attend for updates and chorus from utilizing both the V1 or V2 for the second.”
Till additional discover, buyers are suggested to cease utilizing Defrost Finance. An inner workforce is presently investigating the scenario and can attain out to customers via official channels.
Defrost Finance has not but responded to Cointelegraph’s request for remark.
Associated: Raydium pronounces particulars of hack, proposes compensation for victims
In 2022, North Korean hackers stole crypto value greater than 800 billion Korean gained ($620 million) from decentralized finance (DeFi) platforms alone.
A spokesperson from South Korea’s Nationwide Intelligence Service (NIS) revealed that each one North Korean hacks had been completed via abroad DeFi exploits. Nonetheless, with Know Your Buyer (KYC) initiatives in place, the full variety of North Korean hacks noticed a big discount.
