A report from a web3 security company, CertiK, revealed that an Arbitrum-based DeFi (decentralized finance) project for stablecoins, Hope Finance, lost $2 million to scammers. Furthermore, the report revealed that the culprits secretly removed this amount from the project’s users’ funds.
Hope Finance Robbed Of $2 Million
The report from the web3 security firm came after the announcement from Hope Finance. The announcement aimed to notify its users of the recent scam case in the community. However, there are not many details regarding the theft case. Notably, the community’s Twitter account is still new since it was created in January 2023.
According to Hope Finance, the culprit is a citizen of Nigeria who transferred more than $1.86 million to a decentralized non-custodial privacy solution, Tornado Cash. This move occurred after the community went live on February 20.
The tweet came almost immediately after the theft incident. It advised users to withdraw their staked liquidity from the platform’s protocol. To make this possible, the developers created an emergency withdrawal function.
Vulnerability In The Smart Contract
According to a member of CertiK, the culprit modified the smart contract details to move the funds from the platform’s genesis protocol quickly. On February 13, an audit by Cognitos officials already noted the vulnerability of two central contracts of Hope Finance. This observation surfaced after the review of the audit.
The two areas that showed vulnerability were the reentrancy attack possibility and an incorrect modifier. But the vulnerabilities did not affect the audit’s success, given that Cognitos found the smart contract code flawless.
This occurrence and several others suggest a need for additional security in the crypto ecosystem. According to a report, the decentralized finance sector witnessed about 155 theft incidents and lost over $3.1 billion in 2022. This figure shows a 56.2% increase in fraud cases compared to the $2,036,015,896 loss in 2021.
As per the top five theft cases in 2022, the total loss was more than $2.3 billion, about a 59.8% loss. A notable example to recall is the FTX crash in November 2022, which amounted to around a $650 million loss.
A Brief On Hope Finance
Hope Finance primarily commits to helping charities and foundations organize how funds flow into their system while meeting regulatory and audit requirements. The project achieves this aim by providing the foundation’s workflow tools, supporting budgeting, programmatic areas, projects, IFRS accounting, grants, and more. These services are available to individuals and corporate bodies alike.
The platform uses an Ethereum layer 2 roll-up network known as Arbitrum. This network typically facilitates smart contracts’ exponential scaling and tackles challenges with increasing transactions in the network, thereby guaranteeing optimism. However, these features were not enough to prevent the recent exploit on the platform.
The platform’s plan to release its native algorithmic stablecoin, Hope token (HOPE), was already in the pipeline before the attack. The community aimed to adjust the coin’s supply to match Ether’s price. But now, such plans may only fly once the platform survives the attack.