Defrost Finance Denies Rug Pull Allegations Amid $12M Exploit

The group says it’s retrieved all the funds after offering a bounty to the hacker.

AccessTimeIconDec 30, 2022 at 3:02 p.m. UTC
Updated Apr 9, 2024 at 11:10 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

The team behind Defrost Finance, an Avalanche blockchain-based decentralized-finance (DeFi) platform, has pushed back on claims that it "rug pulled" the project after $12 million was siphoned out of the smart contract last week.

Blockchain security company DeFiYieldSec this week alleged that the apparent exploit was an inside job, most recently saying that the creator of Defrost Finance’s multi-sig wallet was the same address that requested the oracle to be replaced before the exploit occurred. Defrost Finance denied those claims, labeling them as “slanderous and inaccurate.”

  • Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
    09:43
    Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
  • Breaking Down the State of Hacking in 2024
    02:01
    Breaking Down the State of Hacking in 2024
  • Why Injective's INJ Has Surged 3,000% in 2023
    00:52
    Why Injective's INJ Has Surged 3,000% in 2023
  • How Spool Is Aiming to Help Institutions Enter DeFi
    11:05
    How Spool Is Aiming to Help Institutions Enter DeFi
  • The first of two attacks targeted the V2 contract with a "flash-loan re-entrancy" exploit, a Defrost Finance spokesperson told CoinDesk.

    The far-larger second attack occurred on Christmas Eve, the spokesperson continued, with another hacker or hackers “[managing] to appropriate the private key and used it to add a fake collateral token and price oracle, then minted 100 million H20 tokens … The hacker then liquidated the existing vaults by manipulating the vaults’ oracles and draining funds.”

    Exploits involving price oracles have become more prevalent this year, with an oracle tied to Mango Markets being manipulated in October by crypto investor Avraham Eisenberg, who was arrested in Puerto Rico for the attack last week.

    The Mango Markets exploit resulted in a $114 million loss, although Eisenberg returned $67 million shortly after the attack occurred.

    In its case, Defrost Finance claims it retrieved all of the funds on Monday after offering a bounty to the hacker.

    The Defrost Finance team, the group also behind failed DeFi protocol Phoenix Finance, said it is “very optimistic” all the users who lost tokens will be reimbursed.


    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Oliver Knight

    Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.



    Read more about