🥶 Thaw Head

Market Meditations | December 29, 2022

Last Friday Defrost Finance announced that they were the latest in a long line of DeFi protocols to have suffered a hack. But in a turn of events this one might have a happy ending, and just leave users with a thaw head:

  • DeFrost Finance is a decentralised trading platform but on the Avalanche blockchain. Their V2 platform allows leverage up to 5x.
  • PeckShield reported last week that a flash loan vulnerability was exploited, resulting in a $173k gain for the hacker.
  • Specifically, there was “no reentrancy lock” in the smart contract, which allowed the hacker to “manipulate the share price of LSWUSDC“.
  • A subsequent tweet suggested a potential rug pull by the developers, with the total loss in funds being closer to $12 million.
  • They claimed they had used a ‘fake collateral token‘ and a ‘malicious price oracle‘.
  • Security firm CertiK also called it an exit scam, claiming they had “attempted to contact multiple members of the team but have had no response“.
  • But yesterday, Defrost Finance claimed that the stolen funds had been returned. They linked an Ethereum address where the assets were being held.
  • They now plan to return all funds to their rightful owners by scanning on-chain data.
  • According to CoinTelegraph, the process will include converting the ETH to stablecoins before moving them back to the Avalanche network.
  • Users will then be able to use a new smart contract to return coins to their original wallets.