1. Home
  2. Defrost finance

Defrost finance

Crypto Incidents Involving Exit Scams, Hacks, and Code Exploits Reach Record Low in December 2022 According to Certik

Crypto Incidents Involving Exit Scams, Hacks, and Code Exploits Reach Record Low in December 2022 According to CertikAccording to blockchain security company Certik, the number of cryptocurrency incidents involving exit scams, hacks, and code exploits in Dec. 2022 was the lowest monthly figure of the year. Certik noted that the combined incidents amounted to $62.2 million “lost to exploits, hacks, and scams.” Record Low Cyber Attacks in December 2022 Result in $62.2 […]

Citi Trader Says Bank Watching for ‘Trump Rip’ or ‘Harris Dip’ As Markets Brace for Election Results

Defrost Finance breaks silence on ‘exit scam’ accusations, denies rug pull

Defrost Finance had not publicly commented on the rug-pull accusations in the media until now.

Defrost Finance, the decentralized trading platform that suffered a $12 million exploit in the days leading up to Christmas, has denied allegations that it had “rugged” its users as part of an elaborate “exit scam.”

On Dec. 23, the platform announced it suffered a flash loan attack, leading to the draining of user funds from its v2 protocol. One day later, another incident saw a hacker steal the admin key for a second “much larger” attack on the v1 protocol.

It’s understood the attacker or attackers conducted the flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate users.

Observers, including blockchain security firms Peckshield and CertiK, as well as asset management platform DeFiYield, have suggested based on “community intel” that members of the team may have been behind the “exit scam” — given the fact that an admin key was required to perpetrate the exploit.

However, in an exclusive statement to Cointelegraph on Dec. 28, the team behind Defrost Finance broke its silence on the accusations, stating:

“We deny the accusations that the team rugged users. A compromised key does not equate to a rugpull, as much as the episode may raise doubts among the public.”

Defrost made two key arguments to deny its involvement.

Firstly, Defrost argued that if they had planned to orchestrate a rug pull, they would’ve done it months ago when its total value locked (TVL) neared $200 million.

According to DefiLlama, Defrost Finance’s TVL had fallen to just $13.14 million on Dec. 23, the day of the first attack.

“Anyone behind a rugpull would have probably defrauded investors when our TVL was 15 times what it is today.”

Secondly, Defrost argued that if they had been the perpetrators they would have “fled” long ago, which they haven’t done.

“[Anyone] anticipating the inevitable attention from the crypto community would have fled long ago. Yet here we are, working to get the funds back to their rightful owners,” it said.

Defrost Finance’s statement came just hours after decentralized finance investment platform DeFiYield in a Medium blog post on Dec. 27 again accused Defrost Finance of “rug pulling” its users.

DeFiYield pointed to on-chain data that it claimed suggested the creator of the multisig wallet was the same address that requested and then later approved the transactions that inserted the malicious source oracle that liquidated users.

It also alleged the developers behind Defrost Finance were the same as those of Phoenix Finance (FinNexus) which was exploited for $7.6 million in May 2021 in what some have also speculated was an “inside job.”

Related: Here's how Defrost Finance plans to refund users following $12M hack

Defrost said it regrets being unable to share more details about the attack, as its priority has been helping users retrieve their funds.

"There are several issues that we would like to address in recent reports concerning Defrost Finance. We regret we cannot get deep enough into some details — but surely the community will understand this is a sensitive matter and our priority must be to help our users retrieve their funds. All other concerns are secondary to this,” it said.

The team is certainly unhappy about the allegations and earlier on Dec. 28 warned members of its Telegram group that it will ban members that attempt to perpetrate the “false narrative” that the Defrost team is responsible for the recent attacks.

“At this point, it’s not conducive to moving forward to continue allow [sic] the public chats to operate like the Wild Wild West. Will be implementing stricter protocols.”

A post on Defrost Finance's Telegram group by a core team member. Source: Telegram

On Dec. 26, Defrost announced on Twitter it had managed to recover all the funds taken in the v1 hack, sharing in a post on Medium hours later that it has begun the process of returning funds to affected users.

The Ethereum wallet controlled by Defrost that is being used to facilitate the return of funds currently shows that $2.9 million of Ether (ETH) has been returned, along with $9.9 million worth of Dai (DAI).

“This will take a little time since we need to map who had what and where, but the wheels are turning fast and the entire process will be managed through smart contracts. It will be fully transparent and fairly swift,” Defrost told Cointelegraph in its recent statement.

No word was given about the v2 protocol as of yet, however.

Citi Trader Says Bank Watching for ‘Trump Rip’ or ‘Harris Dip’ As Markets Brace for Election Results

Here’s how Defrost Finance plans to refund users following $12M hack

The Defrost team will conduct a scan of on-chain data to find out who owned what prior to the attack.

After recovering the funds lost in a recent flash loan exploit, decentralized leverage-trading platform Defrost Finance is planning to return the funds to their rightful owners, according to a new announcement. 

In a Medium post, Defrost highlighted that it will soon be refunding the assets to their original holders and will be following a specific process. The process includes converting all Ether (ETH) into stablecoins, like DAI, at the on-chain market rate. Then, all stablecoins will be transferred from the Ethereum blockchain into Avalanche.

Apart from these, the team will also be conducting a scan of on-chain data to find out “who owned what” before the attack. After completing the scan work, the Defrost team mentioned that they will be releasing the data to the public.

After everything is completed, the team will be deploying a smart contract that will allow users to reclaim their assets which are already converted into stablecoins back to their original wallet addresses.

Meanwhile, after the exploit, security firms alleged that the project may have run away with user funds. Blockchain security firm CertiK described the recent exploit as an "exit scam" and said that they have attempted to contact the team without getting any responses. On the other hand, blockchain analytics firm PeckShield also issued a warning to the community, describing the project as a "rug pull" and estimated the losses to be around $12 million.

Related: Hackers drain $8M in assets from Bitkeep wallets in latest DeFi exploit

On Dec. 21, decentralized exchange Raydium also announced details of its proposed compensation plan for victims of a recent exploit because of a vulnerability in the platform's code. According to its team, the hackers were able to get away with $2 million worth of digital assets with the attack. 

On the same day, Ankr protocol was able to determine the details of the exploit that caused a $5 million loss within the platform. According to the team, there was a point of failure in their developer key. Because of this, the team will be implementing multi-sig authentication that will require signatures from key custodians.

Citi Trader Says Bank Watching for ‘Trump Rip’ or ‘Harris Dip’ As Markets Brace for Election Results