Defrost offers 20% payment to hackers as ‘Exit Scam’ allegations surface

“Merry Christmas guys. We got a lump of coal from Santa Claus,” wrote one user in response to the allegations and the incident.

On Dec. 26, blockchain security firm CertiK issued a warning alleging that Defrost Finance, a decentralized leveraged trading platform on the Avalanche Blockchain, is an “Exit Scam.” In supporting the decision, CertiK wrote

“On 24 December we have seen an #exitscam on @Defrost_Finance. We have attempted to contact multiple members of the team but have had no response. The team are not KYC’d but we are using all the information that we do have to assist with authorities.”

The prior day, Defrost Finance suffered a flash loan attack that drained protocol users of $12 million in assets. Immediately after the exploit, blockchain analytics firm PeckShield also issued a warning alleging that the operation was a “rugpull”: 

“We received community intel warning the rugpull of @Defrost_Finance.Our analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M.”

In a brief post-mortem analysis, project developers said that hackers also managed to steal the owner key for a much larger attack on its V1 protocol than the flash loan exploit. Defrost has since offered “sharing 20% (negotiable) of the funds in exchange for the bulk of assets and are calling on the hackers to contact us asap.”

After posting an Ethereum (ETH) wallet address on its social page, close to $3 million worth of digital assets have been transferred there at the time of publication. It is unclear if such transactions were related to the stolen assets.

CertiK’s Skynet alert for DeFrost | Source: CertiK

This is a developing story and will be updated accordingly.

Leave a Reply

Your email address will not be published. Required fields are marked *