An Arbitrum-based algorithmic stablecoin project has fallen prey to a smart contract exploit, seeing $2 million stolen from users. 697 Total views 40 Total shares Listen to article 0:00 News Own this piece of history
Collect this article as an NFT Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left out of pocket following a $2 million exploit.
Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance Twitter account notifying users of the scam.
#CommunityAlert @hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023.
$1.86m was transferred to @TornadoCash.
Hope_fin have posted steps for user's to withdraw their staked LPhttps://t.co/hJbFXiKujt— CertiK Alert (@CertiKAlert) February 21, 2023
Details of the project are difficult to come by. The platforms Twitter account was launched in January 2023 and outlined plans for an algorithmic stablecoin called Hope token (HOPE), which dynamically adjusts its supply relative to the price of Ether (ETH).
Posts on the account allege that a Nigerian national had executed the scam and transferred over $1.86 million to Tornado Cash shortly after the platform went live on Feb. 20.A member of the CertiK team told Cointelegraph that the scammer had changed the details of the smart contract, which led to funds being drained from Hope Finance genesis protocol:It appears that the scammer changed the TradingHelper contract which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool the funds are transferred to the scammer.
According to a tweet dated Feb. 13, the Hope Finance smart contract was audited by a Cognitos official. Cointelegraph reviewed the audit summary, which flagged two major contract function vulnerabilities.Cognitos audit of Hope Finances smart contract. Source: Cognitos
This included an incorrect modifier and the possibility of reentrancy attacks. Despite flagging these vulnerabilities, Cognitos found that the smart contract code had passed the audit successfully.
Following the scam, Hope Finance shared information with users to withdraw staked liquidity from the protocol through an emergency withdrawal function.
Steps to withdraw your staked LP from the this fucking scam protocol
1. Go on this linkhttps://t.co/HjuvQyxbUX
2. connect your wallet
3. click on emergency withdraw
Enter 0000000000000000000000000000000000000000000000000000000000000002 pic.twitter.com/5RxtgKXgoo— Hope Finance (,) (@Hope_fin) February 21, 2023
Arbitrumis an Ethereum layer 2 roll-up network that enables exponential scaling of smart contracts.Alongside Optimism, the two layer-2 protocols continue to handle an increasing amount of transactions within the Ethereum ecosystem. #Blockchain #Hackers #Scams #Hacks #DeFi #Arbitrum
Add reaction
Add reaction Related News How to get a job in the Metaverse and Web3 What is a supernet, and how does it work? Haunts me to this day Crypto project hacked for $4M in a hotel lobby MetaMask issues scam alert as Namecheap hacker sends unauthorized emails DeFi exploits and access control hacks cost crypto investors billions in 2022: Report