BCCN3


Defrost to Refund $12M After Flash Loan Attack

Defrost Finance, a DeFi protocol launched on Avalanche (AVAX) in August 2020, recently suffered a major security breach that resulted in a loss of $12 million. The exploit was confirmed on Dec. 23 and was carried out using flash loans, a DeFi technology that allows users to borrow funds without having to make a deposit first. The company addressed the hack on Twitter.

In response to the attack, Defrost Finance has announced that it will refund all of the funds that were lost as a result of the exploit. The team is also taking additional measures to ensure that such an incident does not happen again. In all of this, Defrost has shown itself to be an upstanding company that handled investor funds properly and ethically, unlike a number of other crypto companies this year.

Flash loan attack

In an announcement through its Telegram channel, Defrost confirmed that the flash loan attack happened on version 2 of the protocol (Defrost v2). 

Screenshot from Core team member Doran confirming the attack. Source: Telegram

The hack was first noticed when customers reported their native MELT Defrost Finance funds missing. Though the attack only occurred on version 2, Defrost engineers immediately began investigating the exploit on both Defrost v1 and Defrost v2. 

The blockchain analytics platform PeckShield confirmed on Twitter that the hacker used a “fake collateral token [...] and a malicious price oracle [...] to liquidate current users.” They went on to confirm that the hackers successfully purloined $173,000 in profit.

Assets recovered, customers refunded

Defrost posted on its Medium page that the hacker had later returned the funds. Another post outlined the team's plan to return the funds to their rightful owners and stated that the assets are now safe and controlled by a Defrost address. The funds will be converted to the DAI stablecoin at the market rate, and users can monitor refund transactions on Etherscan.

Defrost has done the right thing in making the refund process transparent, outlining the steps they are taking to reimburse customer assets to their respective wallets. As crypto hacks go, this is the best a company can do to address attacks and Defrost Finance has done a textbook job in handling this distressing situation.

Defrost Finance refortifies prevention

To prevent similar exploits in the future, Defrost Finance has implemented several changes to its protocol. These include increasing security protocols and introducing more robust processes to protect its product and brand. 

Additionally, Defrost plans to introduce a bug bounty program and is currently working on developing features that will further protect users against malicious activities.

The recent attack has been a major setback for Defrost Finance, and the team is taking it seriously. They hope to regain their customers’ trust by refunding those affected and implementing new measures to ensure the security of their platform moving forward. 

With these steps in place, Defrost Finance can continue to provide users with a safe and secure platform for their DeFi activities.