DeFi flash loan hacker liquidates Defrost Finance users causing $12M loss
Defrost Finance, a decentralized leveraged trading platform on Avalanche blockchain, announced that both of its versions — Defrost V1 and Defrost V2 — are being investigated for a hack. The announcement came after investors reported losing their staked Defrost Finance (MELT) and Avalanche (AVAX) tokens from the MetaMask wallets.
Moments after a few users complained about the unusual loss of funds, Defrost Finance’s core team member Doran confirmed that Defrost V2 was hit with a flash loan attack. At the time, the platform believed that Defrost V1 was not impacted by the hack and decided to close down V2 for further investigation.
Core team member Doran confirming attack on Defrost Finance. Source: Telegram
At the time, the platform believed Defrost V1 was not impacted by the hack and decided to close down V2 for further investigation.
Defrost Finance is sad to announce that our V2 has suffered a hack, with an attacker using a flash loan function to withdraw funds.
The V1 is not affected. We will soon close the V2 UI and investigate further with our tech team.
Updates will be posted on our official channels.
— Defrost Finance (@Defrost_Finance) December 24, 2022
Blockchain investigator PeckShield found that the hacker manipulated the share price of LSWUSDC, leading to a gain of roughly $173,000 for the hacker. Upon further analysis, PeckShield’s investigation revealed:
“Our analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M.”
While the company proactively announced the hack, the community suspects a rug-pull situation at play.
Defrost V1 was initially announced unaffected by the hack as the first version of Defrost lacked a flash loan function.
Core team member Doran confirming attack both Defrost Finance versions. Source: Telegram
However, the platform later acknowledged an emergency for V1 as well, stating:
“Our team is currently investigating. We kindly ask the community to wait for updates and refrain from using either the V1 or V2 for the moment.”
Until further notice, investors are advised to stop using Defrost Finance. An internal team is currently investigating the situation and will reach out to users through official channels.
Defrost Finance has not yet responded to Cointelegraph’s request for comment.
Related: Raydium announces details of hack, proposes compensation for victims
In 2022, North Korean hackers stole crypto worth more than 800 billion Korean won ($620 million) from decentralized finance (DeFi) platforms alone.
A spokesperson from South Korea’s National Intelligence Service (NIS) revealed that all North Korean hacks were done through overseas DeFi exploits. However, with Know Your Customer (KYC) initiatives in place, the total number of North Korean hacks saw a significant reduction.