The recent spate of hacking incidents involving decentralized finance (DeFi) platforms is making headlines, even though these platforms had undergone a series of code audits. According to multiple reports, Defrost Finance will return funds stolen in a December 23 exploit worth $12 million.
Defrost Customer Loses Millions of Dollars
The blockchain analytics platform PeckShield reported an attack on the ecological stablecoin project Defrost Finance on December 23, 2022. According to the PeckShield report, the hacker stole $173,000 via a flash loan exploit targeted at Defrost’s V1 network.
However, the more significant exploit on the V2 protocol saw the attacker cart away $12 million after liquidating users’ wallets by issuing a fake collateral coin and a malicious pricing system. The attackers were reported to have later stolen a further $1.4 million from another cross-chain tech platform, Rubic Finance.
Meanwhile, the incidents have raised concerns about the vulnerability of smart contract code and the safety of funds in decentralized platforms. It is worth noting that liquidations on DeFi occur whenever the value of a holder’s collateral fails to meet the lending network’s minimum loan-to-value ratio in a given period.
While stablecoin platforms like Defrost allow users to deposit some collateral to access a perpetual stablecoin loan, they use an algorithm-adjustable system to ensure a stable fee to meet the loan interest. As a result, the introduction of fake collateral on the V2 protocol compromised the users’ loan-to-value ratios, which triggered their liquidation.
A Faulty Audit
Further scrutiny of the event revealed that both hacks show the inherent flaws of using smart contract code audits in assessing the validity of a DeFi project. A close observation of what happened to Defrost and Rubic indicates the involvement of CertiK.
The two firms had undergone code audits by CertiK before the hacking incident. CertiK’s audit of Defrost’s V1 smart contract, conducted in November 2021, listed some critical logic issues along with five other centralized problems.
At the time of writing, the development team had addressed the former while acknowledging the latter, with no evidence of further action. For emphasis, a “logic issue” refers to a bug that allows smart contracts to operate inaccurately without crashing.
On the other hand, a centralized issue usually compromises several protocols whenever a hacker manages to access a shared code block. Furthermore, CertiK disclosed that it had discovered several centralization problems within Rubic Finance’s SwapContract smart contract.
According to the blockchain security firm, the bug would allow hackers to illegally withdraw ETH/BNB and other crypto tokens. It is worth noting that CertiK only audits the code given to it by DeFi protocols.
Due to this, the security platform advises investors to conduct due diligence on any platform where they want to deposit their funds. The company issued a disclaimer saying that each DeFi protocol and investor should be responsible for their security.