Various hacking attacks continue to attract attention in the Bitcoin and altcoin market. A decentralized finance (DeFi) protocol was hacked for $2 million at launch. It turns out that the protocol’s smart contract is different from the audited smart contract. Here are the details…
Hack alert for altcoin project
Decentralized finance (DeFi) protocol Hope Finance lost nearly $2 million worth of crypto assets on Feb. The DeFi protocol claimed that the hacker who defrauded its community was a Nigerian named Ugwoke Pascal Chukwuebuka. Blockchain security firm Peckshield reported that the scammer transferred 1095 Ethereum (ETH) via the hashing protocol of Tornado Cash.
According to a spokesperson for its controller, Cognitos, the smart contract that the malicious actor exploited was different from the contract audited by Hope Finance. Cognitos said Hope Finance has contracted for smart contract code review and security analysis. A spokesperson for Cognitos added that the Hope Finance team has changed the contract several times, but each change is “rechecked by its engineer.” Cognitos also added that his contact with the Hope Finance team “deleted his account.”
Is it actually a rug pull?
Crypto community members have claimed that Hope Finance is a “rug pull”. One DeFi aficionado Markuu said the revealing scammer probably didn’t take everyone’s money because there are paid services that allow people to fool themselves. Marku also added the following:
I still can’t believe no one on the team is video chatting with the lead developer.
Another community member said the address on the ID “looks like an empty lot” when checked via Google Maps.
Free DeFi environment can be the scene of rug pull
A rug pull, as we’ve reported on cryptokoin.com, is a type of crypto scam in which a team pumps the project’s token before it disappears with the funds, leaving their investors a worthless asset. Rug pull happens when rogue developers create a new coin, raise the price, and then pull as much value from them as possible before abandoning them when their price drops to zero. Rug pull is a kind of “exit scam” and DeFi exploit.
Along with DApps, the DeFi ecosystem is entirely user driven in that any developer can create their own project and users can choose to purchase if they believe the project is worthwhile. While this is attractive, this freedom also has a major downside, as malicious developers can easily create and list fraudulent tokens. In particular, malicious actors take advantage of the ERC-20 standard, which greatly reduces the technical and financial barriers to creating new tokens. Another important element of rug pull transactions are decentralized exchanges such as Uniswap (UNI) and SushiSwap (SUSHI), which, unlike centralized exchanges (CEXs), allow tokens to be listed without supervision.