Defrost Finance Denies Rug Pull Allegations Amid $12M Exploit

The group says it’s retrieved all the funds after offering a bounty to the hacker.

AccessTimeIconDec 30, 2022 at 3:02 p.m. UTC
Updated May 9, 2023 at 4:05 a.m. UTC

The team behind Defrost Finance, an Avalanche blockchain-based decentralized-finance (DeFi) platform, has pushed back on claims that it "rug pulled" the project after $12 million was siphoned out of the smart contract last week.

Blockchain security company DeFiYieldSec this week alleged that the apparent exploit was an inside job, most recently saying that the creator of Defrost Finance’s multi-sig wallet was the same address that requested the oracle to be replaced before the exploit occurred. Defrost Finance denied those claims, labeling them as “slanderous and inaccurate.”

The first of two attacks targeted the V2 contract with a "flash-loan re-entrancy" exploit, a Defrost Finance spokesperson told CoinDesk.

The far-larger second attack occurred on Christmas Eve, the spokesperson continued, with another hacker or hackers “[managing] to appropriate the private key and used it to add a fake collateral token and price oracle, then minted 100 million H20 tokens … The hacker then liquidated the existing vaults by manipulating the vaults’ oracles and draining funds.”

Exploits involving price oracles have become more prevalent this year, with an oracle tied to Mango Markets being manipulated in October by crypto investor Avraham Eisenberg, who was arrested in Puerto Rico for the attack last week.

The Mango Markets exploit resulted in a $114 million loss, although Eisenberg returned $67 million shortly after the attack occurred.

In its case, Defrost Finance claims it retrieved all of the funds on Monday after offering a bounty to the hacker.

The Defrost Finance team, the group also behind failed DeFi protocol Phoenix Finance, said it is “very optimistic” all the users who lost tokens will be reimbursed.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Oliver Knight

Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about