Kokomo Finance, an Optimism based decentralized finance (DeFi) platform, seems to have disappeared into thin air, stealing nearly $4 million worth of user funds in a possible “exit scam”, over the weekend.
On March 27, Blockchain security firm CertiK issued a warning on Twitter that developers behid Kokomo protocol managed to conduct the scam via a smart contract loophole. CertiK also noted that Kokomo Finance removed all social media accounts and GitHub repository, leaving users and investors with no means of contacting the team or accessing their funds.
On 26 March 2023, Kokomo Finance conducted an exit scam and stole ~$4 million in user funds.
Details Below 👇 https://t.co/BEPwfahblz
— CertiK Alert (@CertiKAlert) March 26, 2023
Another Attack on Decentralized Platform
According to the blockchain security firm, the deployer of KOKO attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function. After that, an address beginning with “0x5a2d..” approved the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then called another command to swap the So-WBTC to the 0x5a2d address, embezzeling a staggering $4 million in user funds. CertiK tweeted,
“On 26 March 2023, Kokomo Finance conducted an exit scam and stole ~$4 million in user funds.”
he Kokomo Finance (KOKO) token plunged more than 95% in value as a result of the sudden disappearance. The token’s value went from a steady $0.39 down to a mere $0.01, wiping out the majority of its market value. It seems the company’s vanishing act along with the resulting crash in the KOKO token’s value have led many to suspect it as an exit scam.
Launched on March 25, Kokomo Finance allowed users to trade, borrow and lend wrapped bitcoin (BTC), Etherem (ETH), Tether (USDT), USD Coin (USDC) and Dai (DAI). It quickly garnered massive traction among users with more than $2 million locked into Kokomo Finance as of March 26. As per data from DeFiLlama, almost 72% of the total value locked (TVL) in the Kokomo Finance protocol came in the form of wrapped Bitcoin.
@KokomoFinance is an open source and non-custodial lending protocol built on Optimism and @arbitrum .
– Launch on @DefiLlama
– Audited by @0xGuard $KOKO TVL : 2M, is continuously increasing, money will flow into this lending platform soon when it is deployed on @Arbitrum. pic.twitter.com/RduuHBWX39
— Az.eth (@0x_az) March 26, 2023
DeFi Exploits Surge
This comes on the heels after DeFi lending protocol Euler Finance suffered an exploit that resulted in almost $200 million being lost, earlier this month. Moreover, on March 10, the HBAR Foundation, the organization behind the decentralized proof-of-stake ledger Hedera blockchain, suspended network services after malicious entities attacked the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account.
These attacks come amidst a report by DefiLlama revealing that DeFi based platforms lost approximately $21 million to cyber criminals throughout February 2023.