Blockchain security firm Peckshield highlighted that the hack reported by DeFi protocol Defrost Finance may have been a rug pull. The hacker made off with $12 million. The Defrost team, in a tweet on December 25, said the hacker used a flash loan to drain funds out of its V2 product. The second attack utilized the owner key to exploit V1.
According to Peckshield analysis, the hacker used a fake collateral token with manipulated pricing. It explained that rug pull can occur when developers create and establish a liquidity pool and then remove the funds, and disappear after investors have bought the related token. Defrost Finance, which had $95 million in the total value of funds (TVF) in February according to Llama data, was just $13 million in recent weeks and dropped to a mere $93,000 on December 25.
The analysis stated that Defrost Finance announced the exploitation and said it is willing to negotiate with those responsible for the return of the funds. However, Peckshield couldn’t reach the firm as direct messages were disabled on Defrost Finance’s Twitter account. Certik, a blockchain security firm, also tried to contact the firm but there had no response. But it confirmed that Defrost as an exit scam. DeFiYield carried out an audit of Defrost Finance a year ago and had pointed out the smart contract vulnerability used in the hack.
