Doran, a member of Defrost Finance's core team, revealed that Defrost V2 had been targeted by a flash loan attack shortly after a few users voiced their concerns about the odd loss of cash.
What Investigations have unraveled
Defrost Finance's versions, Defrost v1 and Defrost v2, a decentralized leveraged trading platform on the Avalanche blockchain, have been reported as being investigated for a hack. When the news was made, investors had reported losing their staked Defrost Finance (MELT) and Avalanche tokens (1) from their MetaMask wallets. The platform at the time thought Defrost v1 was not touched by the breach and chose to shut down v2 while they looked into it.
Defrost Finance is sad to announce that our V2 has suffered a hack, with an attacker using a flash loan function to withdraw funds.
— Defrost Finance 🔺 (@Defrost_Finance) December 24, 2022
The V1 is not affected. We will soon close the V2 UI and investigate further with our tech team.
Updates will be posted on our official channels.
PeckShield, a blockchain researcher, discovered that the hacker increased his or her profit by almost $173,000 by manipulating the share price of LSWUSDC. The results of PeckShield's study were as follows. The study demonstrates the addition of a phony collateral token and the use of an evil pricing oracle to liquidate existing customers. A loss of more than $12 million is anticipated. Despite the company's proactive announcement of the hack, the neighborhood believes there may have been a rug-pull going on. Defrost v1 was previously declared unaffected by the hack since it lacked a flash loan feature.
What should investors do now?
Doran, a key squad player, confirmed the attack on both Defrost Finance iterations from Telegram. The platform did, however, afterward recognize an emergency for v1, which stated:
"Our staff is looking into it right now. We humbly request that the community hold off on utilizing the V1 or V2 until upgrades are available."
Investors are urged not to use Defrost Finance any longer. An internal team is looking into the matter and will contact users via authorized methods. Hackers from North Korea stole cryptocurrency from only one of the decentralized finance (DeFi) networks in 2022, totaling more than 800 billion Korean won ($620 million). All North Korean hackers used foreign DeFi vulnerabilities, according to a spokeswoman for South Korea's National Intelligence Service (NIS). However, the number of North Korean hackers significantly decreased due to Know Your Customer (KYC) measures. (2)
