On December 25, decentralized finance protocol Defrost Finance announced that it had been hacked. However, blockchain security firm Peckshield claimed, citing "community intel," that the hack may have been a rug pull, a type of scam in which the perpetrators make off with funds and disappear. According to Defi Llama data, the value of funds locked in Defrost Finance dropped significantly on December 25, falling from around $13 million to less than $93,000. Peckshield's analysis indicated that the attack involved using a fake collateral token and manipulated pricing.
In a tweet thread on December 25, the Defrost team provided more information about the hack, stating that it involved a flash loan that drained funds from its V2 product, followed by a more significant attack that used the owner key to exploit V1. The protocol, which offers leveraged trading on the Avalanche blockchain, did not specify how much had been taken, but the value of locked funds in Defrost Finance had peaked at $95 million in February, according to Defi Llama data.
If the attack was a rug pull, it is unusual, as it is typical for the team behind such schemes to go silent and become uncontactable. However, Defrost Finance has publicly announced the attack and stated that it is willing to negotiate with the perpetrators to return the funds. Despite this, efforts to contact the firm through Twitter have been unsuccessful, as direct messages have been disabled on the account. Blockchain security firm Certik also tweeted on December 26 that it had attempted to contact multiple members of the Defrost team but received no response.
Last year, crypto investors lost over $2.8 billion to rug pulls, according to a report by Chainalysis. These scams accounted for 37% of the total illicit revenue of $7.7 billion from crypto scams in 2021. The 2022 figure is expected to be even higher, as a report from blockchain risk monitoring firm Solidus Labs shows that fraudsters deployed over 117,000 scam tokens through December 1, a 41% increase from the previous year. It is clear that rug pulls continue to be a significant threat to the crypto industry, and it is essential for investors to be vigilant and do their due diligence to protect themselves from these types of scams.
At this time, it is unclear how much was taken in the Defrost Finance hack/rug pull, but the significant drop in the value of locked funds suggests that a substantial amount was lost. It is also unknown who was behind the attack or whether the funds will be returned. The Defrost team has stated that it is willing to negotiate with the perpetrators, but no progress has been made.
The incident acts as a reminder of the risks involved in the decentralized finance space and the importance of being careful when choosing which protocols to invest in. It's always a good idea to do thorough research and due diligence before investing, including looking into the security measures in place and the track record of the team behind the protocol.
Despite the potential risks, decentralized finance has the possibility to revolutionize the financial industry and provide greater access and opportunities for people around the world. The industry must continue improving security and reducing the risk of scams and hacks to realize this potential and earn investors' trust.