The team behind Defrost Finance, an Avalanche blockchain-based decentralized-finance (DeFi) platform, has pushed back on claims that it "rug pulled" the project after $12 million was siphoned out of the smart contract last week.

Blockchain security company DeFiYieldSec this week alleged that the apparent exploit was an inside job, most recently saying that the creator of Defrost Finance’s multi-sig wallet was the same address that requested the oracle to be replaced before the exploit occurred. Defrost Finance denied those claims, labeling them as “slanderous and inaccurate.”

The first of two attacks targeted the V2 contract with a "flash-loan re-entrancy" exploit, a Defrost Finance spokesperson told CoinDesk.

The far-larger second attack occurred on Christmas Eve, the spokesperson continued, with another hacker or hackers “[managing] to appropriate the private key and used it to add a fake collateral token and price oracle, then minted 100 million H20 tokens … The hacker then liquidated the existing vaults by manipulating the vaults’ oracles and draining funds.”

Exploits involving price oracles have become more prevalent this year, with an oracle tied to Mango Markets being manipulated in October by crypto investor Avraham Eisenberg, who was arrested in Puerto Rico for the attack last week.

The Mango Markets exploit resulted in a $114 million loss, although Eisenberg returned $67 million shortly after the attack occurred.

In its case, Defrost Finance claims it retrieved all of the funds on Monday after offering a bounty to the hacker.

The Defrost Finance team, the group also behind failed DeFi protocol Phoenix Finance, said it is “very optimistic” all the users who lost tokens will be reimbursed.