-0.96999999999997°C
Hilliard
11-22-2024
BSV
$68.23
Vol 163.04m
-11.12%
BTC
$99317
Vol 112922.65m
2.31%
BCH
$494.91
Vol 1526.83m
-5.79%
LTC
$89.66
Vol 1210.01m
-0.39%
DOGE
$0.39
Vol 9962.48m
2.27%
Getting your Trinity Audio player ready...

The team behind Kokomo Finance, a lending protocol built on Ethereum Layer 2 network Optimism, has allegedly pulled off a $4 million exit scam.

New York Web3 security company CertiK first discovered the exploit. In addition to the smart contract exploit, the Kokomo developers also took down the project’s social media accounts, CertiK revealed.

CertiK first discovered high slippages on KOKO, the lending platform’s native token. KOKO has since plunged to $0.00066244 at press time, a 98.6% dip.

In its analysis of the attack, the cybersecurity company said the developers had deployed the attack contract cBTC, paused borrowing, and reduced reward speed. They then set the implementation contract into a malicious one.

cBTC is a derivative of Wrapped BTC (wBTC) issued on the Ethereum network.

The developers reportedly used one of their addresses to approve a transfer of over 7,000 Sonne Wrapped BTC, yet another BTC derivative issued on Ethereum. They then used these tokens to swap all the liquidity that users had supplied to Kokomo, walking away with about $4 million in user funds.

After the alleged heist, the developers took down the social media accounts and the Kokomo website, vanishing in Asian morning hours on Monday.

Kokomo launched on March 25, offering users a non-custodial protocol to borrow, lend, and trade wrapped BTC, USDT, Ether, USDC, and the DAI stablecoin. Its popularity quickly surged, with DeFiLlama showing that two days after launch, it accumulated $2 million in total value locked (TVL).

Kokomo was audited just days prior by 0xGuard, a smart contract auditing firm that has audited over 100 other projects.

In its report, 0xGuard found no issues with most of the protocol except for one major loophole:

“The owner has a one-time ability to mint 45% of MAX_SUPPLY, i.e. 45e24 tokens, to an arbitrary address.”

Earlier this month, DeFi platform Euler Finance lost $197 million to a flash loan attack.

Watch: Tokenizing Assets & Securities on Blockchain

Recommended for you

Sch. Post test

Lorem ipsum odor amet, consectetuer adipiscing elit. Elit torquent maximus natoque viverra cursus maximus felis. Auctor commodo aliquet himenaeos fermentum

November 7, 2024
Post with chaching

Lorem ipsum odor amet, consectetuer adipiscing elit. Accumsan mi at at semper libero pretium justo. Dictum parturient conubia turpis interdum

November 4, 2024
Advertisement