Hope Finance loses $2M in recent exploit

Arbitrum-based decentralized finance (DeFi) project Hope Finance has lost users' funds worth about $2 million as a result of a recent smart contract exploit.

On February 21, the issue was reported by Web3 security company CertiK in response to a tweet from the Hope Finance account warning customers of the fraud.

#CommunityAlert 🚨@hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023.

$1.86m was transferred to @TornadoCash.

Hope_fin have posted steps for user's to withdraw their staked LPhttps://t.co/hJbFXiKujt

— CertiK Alert (@CertiKAlert) February 21, 2023

It is challenging to find specifics on the project. The platform announced its intentions for an algorithmic stablecoin dubbed Hope token (HOPE), which dynamically regulates its supply in relation to the price of Ether, on Twitter in January 2023.

Entries on the account claim that immediately after the site became online on February 20, a Nigerian citizen allegedly carried out the fraud and transferred more than $1.86 million to Tornado Cash.

According to a member of the CertiK team, the fraudster altered the smart contract's specifications, which caused money to be taken out of the Hope Finance genesis protocol:

“It appears that the scammer changed the TradingHelper contract which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool the funds are transferred to the scammer.”

A Cognitos representative audited the Hope Finance smart contract, according to a tweet from February 13th. The audit report was evaluated by Cointelegraph, which identified two significant contract function weaknesses.

This includes an improper modifier and reentrancy assaults as potential threats. Cognitos discovered that the smart contract code had passed the audit successfully despite indicating these vulnerabilities.

After the fraud, Hope Finance informed users of a tool that would allow them to immediately remove staked liquidity from the system.

Steps to withdraw your staked LP from the this fucking scam protocol

1. Go on this linkhttps://t.co/HjuvQyxbUX

2. connect your wallet
3. click on emergency withdraw

Enter 0000000000000000000000000000000000000000000000000000000000000002 pic.twitter.com/5RxtgKXgoo

— Hope Finance (💙,🧡) (@Hope_fin) February 21, 2023

Ugwoke Pascal Chukwuebuka, a citizen of Nigeria, is the fraudster, Hope Finance said on its Twitter account. The scammer's name and image have been made public. A few procedures for customers to withdraw their staked LP were also revealed by Hope Finance.

Ugwoke Pascal Chukwuebuka, a citizen of Nigeria, is the fraudster, Hope Finance said on its Twitter account. The scammer's name and image have been made public. A few procedures for customers to withdraw their staked LP were also revealed by Hope Finance.

The layer 2 roll-up network called Arbitrum on Ethereum allows for the exponential scalability of smart contracts. The two layer-2 protocols continue to handle an increasing number of transactions inside the Ethereum ecosystem alongside Optimist.