DeFi protocol hacking: $12 million siphoned off from Defrost Finance V2

A hacker took advantage of the vulnerability of the DeFi Defrost Finance protocol to steal around 12 million euros. Only $93,000 remains of his $13 million TVL inventoried a few weeks ago.

V2 of Defrost Finance victim of hack

Defrost Finance is sad to announce that our V2 has suffered a hack, with an attacker using a flash loan function to withdraw funds.

The V1 is not affected. We will soon close the V2 UI and investigate further with our tech team.

Updates will be posted on our official channels.

— Defrost Finance 🔺 (@Defrost_Finance) December 24, 2022

” Defrost Finance regrets to announce that our V2 has been hacked by a hacker who used a flash loan function to withdraw funds.

V1 is not affected. We will close the V2 UI soon and investigate further with our technical team.

Updates will be posted on our official channels. »

This Defrost V2 hack announcement is from Saturday December 24th. 24 hours later, the same Twitter account kept its promise.

1/4 The Defrost team has been working around the clock to find out more details concerning the events of the past 48 hours.

A thread ⬇️

— Defrost Finance 🔺 (@Defrost_Finance) December 25, 2022

“The Defrost team has been working day and night to find more details about the events of the last 48 hours.

A thread. »

This flash loan attack took place on December 23, according to the company’s communication. Cointelegraph clarified that Doran, a member of the central team of Defrost Finance, would have been forced to comment on the subject after users of the DeFi protocol complained of abnormal losses of funds.

The December 25 Twitter thread states that the hacker “ also managed to steal the owner’s key for a much larger second attack on the V1 by Defrost. Result: Defrost Finance (MELT) and Avalanche (AVAX) tokens worth 12 million dollars have disappeared.

An investigation is underway, they reassured.

A setup ?

⚡️ We have warned DeFi Community about the smart contract vulnerability @Defrost_Finance used to rug pull its users.

1 year ago we performed an audit on Defrost.

Audit link: https://t.co/u2JBm7zAq8

Don’t wanna get scammed in Crypto?

Follow DeFiYield Audits! 🚨 https://t.co/4Osx19KE0f pic.twitter.com/eIgx3rFn69

— DeFiYield 🛡️ Web 3 Security (@DefiyieldSec) December 25, 2022

” We have warned the DeFi community about the smart contract vulnerability. Defrost Finance used it to raffle off its users.

1 year ago, we carried out an audit on Defrost.

Audit link: https://defiyield.app/audit-database/defiyield/defrost_finance

Don’t want to get scammed in Crypto?

Follow the DeFiYeld audits! »

Some analysts like DeFiYeld argued that the $12 million loss would be a rug pull and not a clever hack. This sum is much closer to the total value of funds blocked on the DeFi protocol a few weeks ago. To think that in the month of February, Defrost’s TVL peaked at $95 million.

🚨 THIS is THE MOST SNEAKY way to RUG PULL users crypto has EVER SEEN! 🚨

11 p.m., @Defrost_Finance announced that its V2 has suffered a hack.

Was it really a Hack?

NO. They have RUG PULLED ‼️

🚨 Here is how they LIED to everyone 👇 pic.twitter.com/Swu6kd7WPC

— DeFiYield 🛡️ Web 3 Security (@DefiyieldSec) December 25, 2022

The rug pull thesis has been dismissed by other observers. Defrost Finance would not have shown a willingness to negotiate with hackers if that were true. In our article on “The 10 worst acts of hacking recorded in 2021”, we highlighted the vulnerability of DeFi protocols. Until now, isn’t their optimization on the agenda?

Receive a digest of news in the world of cryptocurrencies by subscribing to our new service of newsletter daily and weekly so you don’t miss any of the essential Tremplin.io!