Kokomo Finance, a lending protocol that had recently launched on Optimism, rug pulls users and disappears with approximately $4 million worth of tokens. The project’s token, KOKO, had only been launched less than 36 hours before the rug. The rug occurred through changes made by the project’s deployer address, which rugged Wrapped Bitcoin deposits. The project deleted its website, Twitter, GitHub, and Medium soon after.
Kokomo Finance has taken off with approximately $4 million worth of user funds, leaving users unable to withdraw their funds. The project rugged Wrapped Bitcoin deposits, leaving almost $2M of tokens in its pools on Optimism.
The KOKO Token deployer, with address 0x41BE, created a malicious cBTC contract. They modified the reward speed and paused borrowing. Next, they replaced the implementation contract with the malicious one using the function below. Another address, 0x5a2d, approved the cBTC contract to spend 7010 sonne WBTC. After the implementation contract was switched to the malicious cBTC contract, the attacker used the 0x804edaad method to transfer sonne WBTC to address 0x5C8d. Finally, the address 0x5C8d swapped 7010 sonne WBTC for 141 WBTC (~4M) in profit.
The four addresses currently hold the stolen funds:
Here are some indicators to look for in a smart contract that may indicate it could be a rugpull:
Kokomo Finance’s rugpull highlights the need for thorough security audits and proper measures in decentralized finance. The rug occurred via the deployer address. It’s crucial to audit and secure all protocol aspects.
Explore further Hack Analysis:
Hack Analysis on Euler Finance
DeFiGeek Community JAPAN Hack Analysis
Cream Finance Hack: What Motivates Hackers To Return Stolen Funds?
To mitigate the risks and vulnerabilities in smart contracts and ensure the integrity of your…
Lately, there's been a lot of talk about Web3 spaces, and one of the terms…
Tldr: EigenLayer is a generalized middleware protocol built on top of ethereum that introduces a…
The Dencun upgrade, a hard fork in Ethereum Blockchain implemented on March 13, 2024, is…
The Real Web 3.0! The Dark Forest of blockchains & DeFi, the forest's heart is…
EIP-6963 is going to be a game changer in the user’s experience of interacting with…
This website uses cookies.