Ethereum Classic

Defrost finance says it has recovered lost funds worth $12 million from hacker


Decentralized leverage trading platform on Avalanche, Defrost finance reported that all the funds lost due to an exploit on its platform on Dec. 23 were returned on Dec. 26 after claims of a possible rug pull.

Defrost Finance affirmed that it would return all the lost funds to the exploited users after scanning the on-chain data to determine the ownership and amount of funds owned by each affected user.

Earlier, the Avalanche-based protocol reported the platform had been hacked, with an attacker withdrawing funds using the flash loan function.

On Dec.24, the firm claimed that only their V2 product was affected, and V1 remained safe.

However, on Dec. 25, the team reported the hacker also obtained the owner key for a larger attack on the platform’s V1 product.

The hacker made almost $173k from the exploit, according to blockchain analytics firm PeckShield.

Upon further analysis, PeckShield revealed that a fake collateral token was added. A malicious price oracle was used to liquidate current users for a total loss of more than $12 million, indicating a possible rug pull.

Further, blockchain security firm Certik claimed that the exploit was an exit scam after they couldn’t get any response to their queries from Defrost Finance team.

On the same note, DeFiYieldApp, a Web3 security firm, tweeted that they warned the DeFi Community one year ago about the Defrost Finance smart contract vulnerability that allows the firm to rugpull its users.

Even though there are no clear indications whether the hack was a rug pull, the firm has shown a willingness to negotiate with the hackers to return funds.

On Dec. 25, the total value of funds locked on the protocol had dropped to less than $93,000 from $13.16 million after the attack, according to DefiLlama data.

Leave A Reply

Your email address will not be published.