DeFi Protocol Hope Finance Loses $2M In An Exploit
Hope Finance, a decentralized finance protocol, has witnessed a loss of nearly $2M in a recent exploit that took place on February 20. The company shared some posts on Twitter in which it displayed the photos of the alleged scammer and his voter’s card issued by the Nigerian Electoral Commission. The platform claimed that the person allegedly took away a lot of funds from the genesis protocol operating under Hope Finance.
Hope Finance Sees $2M Lost from User Funds in an Exploit
The supposed hacker is a person called “Ugwoke Pascal Chukwuebuka” from Nigeria. The incident was reported by the Web3 security company CertiK on February 21. This was witnessed just after the declaration by the platform through Twitter. It notified the consumers about the scam. The blockchain security company mentioned that the scammer transacted nearly $1.86 million to the crypto mixing service named Tornado Cash after successfully exploiting the funds.
Another blockchain security firm named PeckShield also noted that 1095 ETH tokens were transferred by the exploiter to Tornado Cash, the crypto mixing protocol that has been prohibited. PeckShield noted in its Twitter post that Uniswap and Celer Network were utilized by the scammer to transact the funds in Ether. It also revealed the 3 addresses through which the respective assets were transacted.
The smart contract hacked by the bad actor was diverse from the one audited by Hope Finance, as per a spokesperson from Cognitos (the auditor). The auditing company stated that Hope Finance signed an agreement with it for the security analysis as well as the code review of a smart contract. The spokesperson from the auditing firm added that the team of Hope Finance altered the code of the respective smart contract several times.
Even then, according to the spokesperson, its engineer checked every modification. In addition to this, Cognitos disclosed that the account of the person responsible for connecting the auditing platform to Hope Finance has been removed. The details of the respective incident have not been provided up till now. The Twitter account of Hope Finance was started recently in January 2023.
On its launch, the platform outlined its strategy to introduce Hope token which is an algo stablecoin. As per Hope Finance, the respective token would dynamically regulate its supply in line with the price level of Ether. A participant of the team working under CertiK asserted that the targeted smart contract’s details were altered by the scammer. As a result of this, the funds in massive amount was taken away from the genesis protocol of Hope Finance.
In the audit of the smart contract by Cognitos, a couple of vulnerabilities were highlighted. The summary of the respective audit specified that a wrong modifier as well as the likelihood related to reentrancy attacks were present. On the contrary, despite having revealed these vulnerabilities, Cognitos discovered that the code of the smart contract had effectively passed the audit.
Community Suspects a Rug Pull
After the scam, Hope Finance information shared information with its consumers regarding the withdrawal of the liquidity staked on the protocol via an emergency withdrawal operation. On the other hand, the members of the crypto community have accused Hope Finance of having conducted a rug pull. Markuu, a DeFi enthusiast, opined that the doxxed exploiter did not drain everyone’s funds as some paid services are available with which people can dox themselves.
Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at info@tokenhell.com if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. Tokenhell is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.