Defrost Finance announced investigating the DeFi flash loan following investors’ complaint of abnormally losing MELT and Avalanche (AVAX) tokens staking in the MetaMask wallets. The loan attacker allegedly liquidated Defrost Finance, leaving users of the decentralized trading platform with a $12M loss.
Defrost V2 Breached
The Avalanche blockchain-based trading platform admitted the unusual losses in the December 23 incident. The core investigation team led by Doran acknowledged that the DeFi loan attack hit the Defrost V2. With preliminary investigations indicating the Defrost V1 was not breached, the engineers closed V1 to prevent further loss of funds.
The assessment by blockchain-based investigator PeckShield revealed manipulation of LSWUSDC share prices to give $173000 gains to the hacker. Subsequent analysis by PeckShield indicated the hacker added a fake collateral token alongside malicious price oracle manipulation to allow the liquidation of existing users. PeckShield estimated the loss to hit $12 million.
Defrost V1 Suffers Emergency
The Defrost Finance community disputed the proactive announcement of the hack, instead suspecting the decentralized trading platform of orchestrating the rug-pull situation. In particular, they regretted the initial admission that Defrost V1 was unaffected by the breach, and preliminary investigation ruled out suffering flash loan function.
Nonetheless, the decentralized platform later admitted that Defrost V1 suffered an emergency crisis. As such, Doran-led investigations confirmed that the platform suffered an attack in the v1 and v2 versions. In an official update conveyed on December 25 via Twitter, the platform warned users to refrain from using v1 and v2.
Intensified Investigations as Defrost Negotiate to Recover Assets
The platform indicated that the hacker stole the owner’s key in a subsequent and scaled attack directed at the v1. The platform reassured the community of intensifying investigations to ascertain how the hackers obtained the key they utilized in exploiting the avalanche blockchain-based protocol.
Defrost Finance acknowledged the support and promised to update the community with new developments using the official channels. In addition, the Defrost team prioritized funds recovery and willingness to negotiate with the aggressors.
Defrost Finance is yet to update on the recovery process despite confirming its desire to share a negotiable 20% of the proceeds in exchange for the hackers returning the bulk crypto assets.