$4M ‘exit scam’ suspected as Kokomo Finance flies off radar, token plunges

by Jeremy

Optimism-based lending protocol Kokomo Finance has been suspected of a $4 million “exit scam” that has seen user funds pulled from the platform by way of a smart contract loophole.

Blockchain security firm CertiK alerted its followers to the “exit scam” in a March 26 Twitter post, noting that the Kokomo Finance (KOKO) token has plummeted 95% in value in a matter of minutes.

CertiK also noted that Kokomo Finance removed all social media accounts immediately following the alleged rug pull.

Kokomo Finance has either deactivated or deleted its Twitter account. Source: Twitter

CertiK said the deployer of KOKO attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function.

After that, an address beginning with “0x5a2d..” approved the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC).

The attacker then called another command to swap the So-WBTC to the 0x5a2d address, which produced a $4 million profit, according to the security firm.

Changes to the smart contract code of the KOKO began at about 9 am UTC on March 26. Source: Optimistic Etherscan

A CertiK spokesperson told Cointelegraph that it was the largest “incident” that they’ve detected on Optimism.

Kokomo Finance is an open-source and non-custodial lending protocol on Optimism, where investors could trade for wBTC, Ether (ETH), Tether (USDT), USD Coin (USDC) and DAI.

Kokomo Finance rose up the ranks quickly in recent days, with blockchain data platforms like CoinGecko and DefiLlama officially tracking it shortly after Kokomo Finance went live on Optimism on March 25.

The price of the Kokomo Finance token, KOKO, fell over 97% at about 4:10 pm UTC on March 26. Source: CoinGecko

Recent screenshots reveal that more than $2 million was locked into Kokomo Finance prior to it falling more than 97%.

Over 72% of the total value locked in the Kokomo Finance protocol came in the form of wrapped Bitcoin, according to data from DefiLlama.

Cointelegraph attempted to access all social media and blog websites listed on Kokomo Finance’s Linktree page; however, all of these links now lead to some form of an error page, suggesting the page has been removed.

Cointelegraph came across Kokomo Finance’s smart contract audit, which was reviewed and shared by 0xGuard earlier in March.

While most aspects of the audit were passed, “typographical errors” were found and the owner of the KOKO token was found to have a one-time ability to 45% of the maximum supply to an arbitrary address.

Kokomo did not pass all aspects of its smart contract audit, which was reviewed by 0xGuard in March. Source: GitHub

Cointelegraph reached out to 0xGuard for comment but did not receive an immediate response.
