BaseBrosFi Project Vanishes after Rug Pull

BaseBrosFi, a decentralized finance (DeFi) protocol on the Base blockchain, disappeared from the internet after an unaudited smart contract stole users' investments.

BaseBros terminated its official website and social media accounts on Telegram and X on September 13. Chain Audits, a blockchain security firm that had previously audited some BaseBros smart contracts, discovered that the DeFi project orchestrated a rug draw through “an unaudited and unverified Vault contract.”

BaseBros had over 3,300 members on Telegram and approximately 2,000 followers on X at its disappearance.

Smart contracts that were susceptible to auditing were the subject of scrutiny.

ChainAudits asserted that it had conducted an audit of four of the five smart contracts utilized in the BaseBros initiative, and it also stated:

“Unfortunately the contract that facilitated the rug pull (Vault Contract) was not included in our audit scope, nor is verified on the blockchain.”

Funds deposited into the “Strategy” contract were accessible to the company proprietors through a backdoor vulnerability in the unaudited contract.

Incident Report

Yesterday on 13.09.2024, @BaseBrosFi, a DeFi project on @base, executed a rug pull by gaining control of and draining ecosystem funds via an unaudited and unverified Vault contract.

The BaseBrosFi team exploited the unverified Vault Contract by overriding… https://t.co/FIHK0rcUBt

— ChainAudits (@ChainAudits) September 14, 2024

BaseBros' rug pull did not affect the Seamless protocol

Initially, the Seamless protocol was incorrectly presumed to be affected by the rug pull event due to the similar contract labeling.

The bad actor transferred $130,000 worth of stolen funds through the crypto mixing service Tornado Cash, according to blockchain investigator Cyvers.

🚨ALERT🚨Our system flagged a suspicious transaction involving @SeamlessFi on the #BASE network earlier today.

A malicious contract was deployed on 13.09.2024 at 11:57:04 UTC, and a hack was executed just minutes later at 13:04:40 UTC.
The attacker bridged approximately $130K in… https://t.co/mbDXb3Ku9D pic.twitter.com/1JtLWmXg7w

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 13, 2024

Seamless conducted an internal investigation and determined that the protocol and its investors' funds are secure from potential assaults.

Additionally, Chain Audits verified that BaseBro Fi was the sole protocol that experienced a loss of funds from multiple pools.

A seasoned hacker recently expressed gratitude to the attacker responsible for the $27 million breach of the DeFi protocol Penpie.

The Euler Finance hacker, who had stolen $195 million in March 2023, sent an onchain appreciation message to the Penpie hacker.

“Good job bro. I didn’t see a hack like this for a while. I’m happy you kept all the money and didn’t let these bastards get back one dollar of what you took. You won, they lost. Good job.”

Nevertheless, the Euler Finance criminal had returned 90% of the stolen funds in exchange for legal immunity and a 10% reward.