Key Takeaways:
A smart contract vulnerability resulted in the theft of $2 million from customers of an Arbitrum-based algorithmic stablecoin project.
The abused smart contract was different from the one that Cognitos reviewed for Hope Finance, according to a Cognitos spokesperson.
Following a $2 million exploit, prospective customers of the decentralized finance (DeFi) project powered by Arbitrum are now out of pocket.
Following a tweet from the Hope Finance account alerting consumers to the fraud, Web3 security company CertiK reported the problem on February 21.
Project details are slow to emerge. However, in January 2023 the network announced on Twitter its plans for an algorithmic stablecoin called Hope token (HOPE), which actively controls its supply in response to the value of Ether.
According to posts on the account, the scam is believed to have been run by a Nigerian who sent over $1.86 million to Tornado Cash immediately after the platform went public on February 20.
A member of the CertiK team claims that the fraudster changed the smart contract’s requirements, which led to money being removed from the Hope Finance genesis protocol:
“It appears that the scammer changed the TradingHelper contract, which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool, the funds are transferred to the scammer.”
The possible hazards include the use of improper modifiers and reentrancy attacks. Despite pointing out these issues, Cognitos found that the smart contract code had passed the audit.
After the swindle, Hope Finance quickly advised users of a facility that would enable them to withdraw staked liquidity from the system.
The fraudster is a Nigerian national named Ugwoke Pascal Chukwuebuka, according to a tweet from Hope Finance. The name and photo of the con artist are widely known. Hope Finance also provided instructions on how consumers can withdraw their staked LP.
Some in the crypto community have claimed that Hope Finance was a scam. Because there are commercial services that enable people to do it themselves, a DeFi fan named Markuu claimed it is likely that the scammer who was doxxed did not steal money from everyone. Markuu tweeted:
“Still can’t believe nobody on the team would have had never had a video chat with the ‘lead dev’.”
Arbitrum is a layer-2 roll-up network on Ethereum that allows for the exponential scaling of smart contracts. Alongside Optimism, the two layer-2 protocols continue to manage growing numbers of transactions within the Ethereum ecosystem.