Trading platform Defrost Finance which recently had a network vulnerability has said that the hacker of the V1 platform has reportedly returned the funds.
An announcement by Defrost claiming “the hacker engaged in the V1 attack [but not the v2 hack] has refunded the funds” was made just before the action was taken. According to a warning given by blockchain security company CertiK on December 26, the vulnerability is allegedly an “exit scam,”.
“On 24 December we have seen an #exitscam on @Defrost_Finance. We have attempted to contact multiple members of the team but have had no response. The team is not KYC’d but we are using all the information that we do have to assist with authorities.”
On December 23, Defrost Finance was the victim of a flash loan assault that stripped users of its v1 and v2 protocols $12 million in assets. The exploit was also followed by a warning from blockchain analytics company PeckShield, which called the action a “rug pull”:
“We received community intel warning the rugpull of @Defrost_Finance.Our analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M.”
The project’s creators said in a short post-mortem investigation that hackers also succeeded in stealing the owner key for a far more extensive assault on its v1 protocol than the flash loan vulnerability. In return for the majority of the assets, Defrost has offered to discuss “sharing 20% (negotiable) of the money and is asking the hackers to contact us asap.”
At the time of publishing, close to $3 million worth of digital assets had been moved to an Ethereum wallet address that had been posted on the company’s social media page. Hours later, Defrost detailed the v1 hacker’s return of the stolen money to a project developers-controlled address in a Medium post.
“We will soon start scanning the data on-chain to find out who owned what prior to the hack in order to return them to the rightful owners. As different users had variable proportions of assets and debt, this process might take a little. However, it will be concluded fairly swiftly.”
