Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left out of pocket following a $2 million exploit.
ក្រុមហ៊ុនសន្តិសុខ Web3 CertiK បានដាក់ទង់ឧបទ្ទវហេតុនេះនៅថ្ងៃទី 21 ខែកុម្ភៈ បន្ទាប់ពីការប្រកាសពីគណនី Hope Finance Twitter ជូនដំណឹងដល់អ្នកប្រើប្រាស់អំពីការបោកប្រាស់។
#សេចក្តីជូនដំណឹងរបស់សហគមន៍ @hope_fin បានប្រកាសថាសហគមន៍ត្រូវបានគេបោកប្រាស់ក្នុងតម្លៃ ~$2 លានដែលធ្វើឱ្យនេះធំជាងគេ # ចេញពីកាមេរ៉ា នៅលើ Arbitrum ក្នុងឆ្នាំ 2023 ។
1.86 លានដុល្លារត្រូវបានផ្ទេរទៅ @ ថនដូកាកា.
Hope_fin បានបង្ហោះជំហានសម្រាប់អ្នកប្រើប្រាស់ដើម្បីដក LP ភាគហ៊ុនរបស់ពួកគេ។https://t.co/hJbFXiKujt
- CertiK Alert (@CertiKAlert) ខែកុម្ភៈ 21, 2023
Details of the project are difficult to come by. The platform’s Twitter account was launched in January 2023 and outlined plans for an algorithmic stablecoin called Hope token (HOPE), which dynamically adjusts its supply relative to the price of Ether (សាកលវិទ្យាល័យ ETH).
Posts on the account allege that a Nigerian national had executed the scam and transferred over $1.86 million to Tornado Cash shortly after the platform went live on Feb. 20. A member of the CertiK team told Cointelegraph that the scammer had changed the details of the smart contract, which led to funds being drained from Hope Finance genesis protocol:
"វាហាក់ដូចជាអ្នកបោកប្រាស់បានផ្លាស់ប្តូរកិច្ចសន្យា TradingHelper ដែលមានន័យថានៅពេលដែល 0x4481 ហៅ OpenTrade នៅលើ GenesisRewardPool មូលនិធិត្រូវបានផ្ទេរទៅឱ្យអ្នកបោកប្រាស់។"
According to a tweet dated Feb. 13, the Hope Finance smart contract was audited by a Cognitos official. Cointelegraph ពិនិត្យ the audit summary, which flagged two major contract function vulnerabilities.
This included an incorrect modifier and the possibility of reentrancy attacks. Despite flagging these vulnerabilities, Cognitos found that the smart contract code had passed the audit successfully.
Following the scam, Hope Finance shared information with users to withdraw staked liquidity from the protocol through an emergency withdrawal function.
Steps to withdraw your staked LP from the this fucking scam protocol
1. Go on this linkhttps://t.co/HjuvQyxbUX
2. connect your wallet
3. click on emergency withdrawបញ្ចូលលេខ ៦១២២២៤ pic.twitter.com/5RxtgKXgoo
— Hope Finance (,) (@Hope_fin) ខែកុម្ភៈ 21, 2023
អាបធ្មប់ is an Ethereum layer 2 roll-up network that enables exponential scaling of smart contracts. Alongside Optimism, the two layer-2 protocols continue to handle an increasing amount of transactions within the Ethereum ecosystem.
Source: https://cointelegraph.com/news/hope-finance-exploit-results-in-2m-stolen-from-users-funds