Users of Hope Finance, a decentralized finance (DeFi) project built on Arbitrum, have lost funds following a $2 million smart contract exploit. Web3 security company CertiK confirmed the incident following a tweet from the Hope Finance Twitter account alerting users that they had been scammed.
#CommunityAlert 🚨@hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023.
$1.86m was transferred to @TornadoCash.
Hope_fin have posted steps for users to withdraw their staked LP https://t.co/hJbFXiKujt
— CertiK Alert (@CertiKAlert) February 21, 2023
In a bid to stem the damage, Hope Finance informed users of steps to enable them to execute an emergency withdrawal of their staked liquidity from the protocol.
Steps to withdraw your staked LP from this fucking scam protocol
1. Go on this link https://t.co/HjuvQyxbUX
2. connect your wallet
3. click on emergency withdraw
Enter 0000000000000000000000000000000000000000000000000000000000000002
pic.twitter.com/5RxtgKXgoo
— Hope Finance (💙,🧡) (@Hope_fin) February 21, 2023
The DeFi protocol’s Twitter account, launched in January 2023 with just over a thousand followers, had posted several tweets outlining plans for an algorithmic stablecoin called $HOPE, which dynamically adjusts its supply relative to the price of Ether (ETH).
According to posts on Hope Finance’s Twitter account, the scam was carried out by a Nigerian national who sent over $1.86 million to Tornado Cash not long after the protocol went live on February 20.
According to a member of the CertiK team, the scammer modified the smart contract’s specifications, resulting in the withdrawal of funds from Hope Finance’s Genesis protocol. The CertiK spokesman said it appears the scammer altered the TradingHelper contract so that when 0x4481 calls OpenTrade on the GenesisRewardPool, the funds are sent to the scammer’s wallet.
According to a tweet from February 13, Cognitos Audit had reportedly audited the Hope Finance smart contract and flagged vulnerabilities such as an incorrect modifier and the potential for reentrancy attacks. The smart contract code passed the audit despite Cognitos having flagged these vulnerabilities.
Hope Finance stated in the tweet:
“We are happy to announce that our code was reviewed second time by @CognitosAudit
Huge thanks to our dev team for their hard work and commitment to excellence!”
According to Cognitos Audit, the audit of the Hope Financial platform was completed, and Hope Finance was satisfied with the quality of the security testing services provided by the company’s professionals.