TL;DR
- BaseBros Fi Disappears: The DeFi protocol on the Base blockchain vanished on September 13, deleting its website and social media accounts, and leaving investors in disarray.
- Rug Pull Allegations: Allegations of a rug pull emerged as BaseBros used an unaudited Vault contract with a backdoor vulnerability to siphon off $130,000 through Tornado Cash.
- Audit Oversight: Chain Audits had reviewed four of BaseBros’ contracts but missed the Vault contract, raising concerns about the thoroughness of DeFi security audits.
BaseBros Fi, a decentralized finance (DeFi) protocol on the Base blockchain, has vanished from the internet. On September 13, the project’s official website and social media accounts on X and Telegram were deleted without any prior warning. This sudden disappearance has left investors and the broader crypto community in disarray.
Incident Report
Yesterday on 13.09.2024, @BaseBrosFi, a DeFi project on @base, executed a rug pull by gaining control of and draining ecosystem funds via an unaudited and unverified Vault contract.
The BaseBrosFi team exploited the unverified Vault Contract by overriding… https://t.co/FIHK0rcUBt
— Chain Audits (@ChainAudits_io) September 14, 2024
Allegations of a Rug Pull
The abrupt vanishing act has led to allegations of a rug pull, a type of exit scam where project developers abscond with investors’ funds. Blockchain security firm Chain Audits revealed that BaseBros orchestrated the rug pull through an unaudited and unverified Vault contract.
This contract contained a backdoor vulnerability, allowing the project owners to siphon off funds deposited by users. Before its disappearance, BaseBros had garnered a significant following, with approximately 2,000 followers on X and over 3,300 members on Telegram.
The rug pull has reportedly affected multiple pools, with the bad actor siphoning off $130,000 worth of stolen funds through the crypto-mixing service Tornado Cash. This incident has left many investors grappling with substantial financial losses.
Chain Audits’ Role on BaseBros’ Rug Pull
Chain Audits had previously audited four of the five smart contracts used by BaseBros. However, the Vault contract, which facilitated the rug pull, was not included in their audit scope.
This oversight has raised questions about the thoroughness of security audits in the DeFi space and the need for more stringent measures to protect investors.
Broader Implications
The BaseBros incident is a stark reminder of the risks associated with DeFi investments. It underscores the importance of conducting thorough due diligence and relying on verified audits before investing in any project.
Last year, rug pulls and similar scams accounted for over $765 million in losses. The cryptocurrency market experienced $1.7 billion in theft by malicious actors, with rug pulls making up a significant part of these losses.
As the crypto community grapples with yet another rug pull, the call for enhanced security measures and regulatory oversight in the DeFi space grows louder. The disappearance of BaseBros Fi has sent shockwaves through the crypto community, highlighting the vulnerabilities in the DeFi ecosystem.
As investigations continue, affected investors are left hoping for some form of restitution, while the broader community calls for stronger safeguards against such fraudulent activities.