Defrost V1 hacker reportedly returns funds as ‘Exit Scam’ allegations surface
On Dec. 26, blockchain security firm CertiK issued a warning alleging that Defrost Finance, a decentralized leveraged trading platform on the Avalanche Blockchain, is an “Exit Scam.” The came just hours after Defrost announced that “the hacker involved in the V1 hack [but not the V2 hack] has returned the funds”. In supporting the decision, CertiK wrote:
“On 24 December we have seen an #exitscam on @Defrost_Finance. We have attempted to contact multiple members of the team but have had no response. The team are not KYC’d but we are using all the information that we do have to assist with authorities.”
The prior day, Defrost Finance suffered a flash loan attack that drained protocol users of $12 million in assets on its V1 and V2 protocols. Immediately after the exploit, blockchain analytics firm PeckShield also issued a warning alleging that the operation was a “rugpull”:
“We received community intel warning the rugpull of @Defrost_Finance.Our analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M.”
In a brief post-mortem analysis, project developers said that hackers also managed to steal the owner key for a much larger attack on its V1 protocol than the flash loan exploit. Defrost has since offered “sharing 20% (negotiable) of the funds in exchange for the bulk of assets and are calling on the hackers to contact us asap.”
After posting an Ethereum (ETH) wallet address on its social page, close to $3 million worth of digital assets have been transferred there at the time of publication. In a Medium post published hours later, Defrost explained that the V1 hacker had returned the stolen funds to an address controlled by the project developers.
“We will soon start scanning the data on-chain to find out who owned what prior to the hack in order to return them to the rightful owners. As different users had variable proportions of assets and debt, this process might take a little. However, it will be concluded fairly swiftly.”
This is a developing story and will be updated accordingly.
Update 15:50 Dec. 26 2022 UTC: Added information from DeFrost regarding the return of funds from the V1 attacker