Defrost Finance Smashes Rug Pull Rumors After Losing $12 Million Exploit
- Claims that Defrost Finance canceled the project after $12 million was stolen from the smart contract last week have been refuted by the company.
- According to a Defrost Finance spokesman, the first of two attacks used a “flash-loan re-entrancy” exploit to target the V2 contract.
- Defrost Finance has also carefully planned to be able to refund users. The team also publishes information related to the exploit and constantly updates it, unlike some other platforms that just stay silent after such incidents take place.
After $12 million was stolen from the smart contract last week, Defrost Finance, an Avalanche blockchain-based DeFi platform, disputed allegations relating to the rug pull.
This week, the blockchain security company DeFiYieldSec claimed that the alleged exploit was an inside job. It asserted that the address that created Defrost Finance‘s multi-sig wallet also asked for the oracle to be changed prior to the alleged exploit.
According to a Defrost Finance spokesman who talked to CoinDesk, the first of two attacks used a “flash-loan re-entrancy” exploit to target the V2 contract.
The second, much more significant attack took place on Christmas Eve, according to the spokesman. This time, the hacker or hackers were successful in stealing the private key, using it to add a false collateral token and price oracle before printing 100 million H20 tokens. The hacker then used the existing vaults’ oracles to his advantage to drain money from them.
Following the offering of a reward to the hacker on Monday, Defrost Finance claimed to have recovered all of the funds.
Besides, Defrost has also carefully planned to be able to refund users. The team also publishes information related to the exploit and constantly updates it, unlike some other platforms that stay silent after such incidents take place.
On December 25, Defrost Finance said that both of its versions, Defrost v1 and Defrost v2, are under investigation for hacking. In particular, the Defrost team claimed in a tweet thread published that a first assault utilized a flash loan to siphon money from its V2 product. A second larger attack used the owner key to exploit V1. The leveraged trade protocol on the Avalanche blockchain didn’t specify how much money had been stolen.
After the incident, a lot of accusations were made that this was a rug-pull scheme.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu