BSV
$66.81
Vol 101.46m
0.77%
BTC
$99044
Vol 98472.96m
0.88%
BCH
$487.41
Vol 835.98m
1.02%
LTC
$90.77
Vol 1130.12m
1.62%
DOGE
$0.4
Vol 14118.76m
6.11%
Getting your Trinity Audio player ready...

The team behind Kokomo Finance, a lending protocol built on Ethereum Layer 2 network Optimism, has allegedly pulled off a $4 million exit scam.

New York Web3 security company CertiK first discovered the exploit. In addition to the smart contract exploit, the Kokomo developers also took down the project’s social media accounts, CertiK revealed.

CertiK first discovered high slippages on KOKO, the lending platform’s native token. KOKO has since plunged to $0.00066244 at press time, a 98.6% dip.

In its analysis of the attack, the cybersecurity company said the developers had deployed the attack contract cBTC, paused borrowing, and reduced reward speed. They then set the implementation contract into a malicious one.

cBTC is a derivative of Wrapped BTC (wBTC) issued on the Ethereum network.

The developers reportedly used one of their addresses to approve a transfer of over 7,000 Sonne Wrapped BTC, yet another BTC derivative issued on Ethereum. They then used these tokens to swap all the liquidity that users had supplied to Kokomo, walking away with about $4 million in user funds.

After the alleged heist, the developers took down the social media accounts and the Kokomo website, vanishing in Asian morning hours on Monday.

Kokomo launched on March 25, offering users a non-custodial protocol to borrow, lend, and trade wrapped BTC, USDT, Ether, USDC, and the DAI stablecoin. Its popularity quickly surged, with DeFiLlama showing that two days after launch, it accumulated $2 million in total value locked (TVL).

Kokomo was audited just days prior by 0xGuard, a smart contract auditing firm that has audited over 100 other projects.

In its report, 0xGuard found no issues with most of the protocol except for one major loophole:

“The owner has a one-time ability to mint 45% of MAX_SUPPLY, i.e. 45e24 tokens, to an arbitrary address.”

Earlier this month, DeFi platform Euler Finance lost $197 million to a flash loan attack.

Watch: Tokenizing Assets & Securities on Blockchain

Recommended for you

Lido DAO members liable for their actions, California judge rules
In a ruling that has sparked outrage among ‘Crypto Bros,’ the California judge said that Andreessen Horowitz and cronies are...
November 22, 2024
How Philippine Web3 startups can overcome adoption hurdles
Key players in the Web3 space were at the Future Proof Tech Summit, sharing their insights on how local startups...
November 22, 2024
Advertisement
Advertisement
Advertisement