On 23rd December, Defrost Finance reported a flash loan attack that swept away nearly $12 million on v1 and v2 protocols. The hackers managed to get away with the owner key for a greater attack on the v1 protocol. At the time, Defrost expressed terms of negotiation of sharing 20% of the funds. These funds would’ve been exchanged with a bulk of assets. The hacker returned all the stolen funds eventually.
Right after the return of these funds, the Defrost team planned to refund these assets back to their rightful owners. This process would be conducted in a series of steps. First, all ETH on the network would be converted into stablecoins like DAI. The conversion would be done on the market rate relative to the chain. Second, these same stablecoins would be seamlessly transferred from Ethereum to Avalanche. Third, the teams at Defrost would engage in an operation to determine who owned what before the attack. The details would be made public right after that’s done. Finally, a smart contract responsible for refunds would be deployed. Assets in the form of stablecoins would be handed back to rightful owners.
Soon after the exploit, a considerable number of security firms believed that the project was a bluff and it disappeared with user funds. A blockchain security firm even deemed the exploit as an exit scam. A blockchain analytics firm dubbed the project a rug pull that resulted in the theft of $12 million.
The Defrost Exploit- Explained
A rug-pull or an exit scam happens whenever developers set up a liquidity pool, remove funds, and disappear. Such a tactic is usually followed right after investors have purchased a related token. The teams responsible for conducting such acts disappear entirely and can’t be contacted in any way possible. Defrost’s best bet after the exploit was only to spark a deal with the hacker in order to get the stolen funds back. Despite the risks involved, it eventually regained everything stolen in the first place.
Defrost Finance is a DeFi protocol that is built entirely on the Avalanche platform and has two versions- v1 and v2. V2 is the recent version that enables users to openly participate in leveraged trading. Users can even earn leveraged yields in an easy and efficient way.