Why This Defrost Finance Hacker Changed His Mind And Returned Stolen Funds
Defrost Finance, a DeFi protocol built on the Avalanche blockchain that offers leveraged trading, recently released a blog post that contained some “good news” for users that were affected by the Christmas Day hack that drained the project of around $12 million worth of crypto assets.
According to the latest update shared by the team managing the decentralized finance venture, the still-to-be-identified cybercriminal responsible for the hack seemed to have had a change of heart and returned all the funds he siphoned off during the breach.
As confirmation of the bizarre turn of events, Defrost Finance published the wallet address that now holds the returned assets, which include $3 million worth of ETH tokens and 9.9 million DAI.
The project remains mum on the details of the recovery or return of the funds and has not released any communication on the matter, failing to address speculation that it might have paid a bounty to the cyber attacker.
How Did The Defrost Finance Attack Happen?
Last Sunday, using their Twitter account, the Defrost Finance team said its V2 product was targeted and drained of funds via a flash loan attack.
Shortly after, a larger and more malicious cyber exploit followed, this time targeting the DeFi protocol’s V1 product with the use of an owner key.
The project did not say how much exactly was stolen from its coffers, but other data later revealed that its total value locked (TVL), which stood at $13 million in recent weeks, plummeted to $93,000 on the same day the attacks happened.
We received community intel warning the rugpull of @Defrost_Finance. Our analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M. https://t.co/70iu38OYh7 pic.twitter.com/rSKklgV71I
— PeckShield Inc. (@peckshield) December 24, 2022
PeckShield and Certik, both well-established blockchain security firms, weighed in on the development, saying the incident might have been a case of a rug pull, also known as an “exit scam,” in which developers create a liquidity pool but remove the funds and disappear after investors have bought a certain related asset.
This case, however, is a bit peculiar if it is indeed a rug pull, considering Defrost Finance was able to contact the perpetrator and even offered a 20% bounty.
What Happens Next?
Following the incident, Defrost Finance buckled down to “repair” the damage in order to compensate its affected users.
Defrost said:
“We will soon start scanning the data on-chain to find out who owned what prior to the hack in order to return them to the rightful owners.”
As to how this will be facilitated, over the next few days, the returned ETH tokens will be converted into DAI stablecoins which, in turn, will be moved from the Ethereum blockchain to Avalanche.
After the proper determination of the rightful owner of the stolen crypto funds, Defrost Finance will deploy a refunding smart contract to return the assets to their true owners.
OhNoCryptocurrency via https://www.ohnocrypto.com/ @Christian Encila, @Khareem Sudlow