
Hope Finance Exploit Results In $2M Loss Of Users’ Funds

econintersect.com, 21 February 2023 12:52 UTC

Many users of Hope Finance, an Arbitrum-based decentralized finance (DeFi) project, have been left out of pocket after a $2 million exploit. Web3 security company CertiK flagged the incident on February 21, after Hope Finance announced the scam to its users on Twitter.

#CommunityAlert 🚨@hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023.

$1.86m was transferred to @TornadoCash.

Hope_fin have posted steps for users to withdraw their staked LP https://t.co/hJbFXiKujt

— CertiK Alert (@CertiKAlert) February 21, 2023

The Arbitrum-based algorithmic stablecoin project fell victim to a smart contract exploit in which $2 million was stolen from users.

Details of the project are hard to come by. The platform's Twitter account was unveiled in January 2023 and highlighted plans for an algorithmic stablecoin known as Hope token (HOPE), which dynamically adjusts its supply depending on the price of Ether (ETH).

Posts on the account claim that a Nigerian national executed the scam and sent more than $1.86 million to Tornado Cash moments after the platform went live on February 20. A member of CertiK said that the cybercriminal had changed the details of the smart contract, which resulted in the funds being drained from the Hope Finance genesis protocol:

“It appears that the scammer changed the TradingHelper contract which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool the funds are transferred to the scammer.”
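The pattern CertiK describes, a helper contract swapped out before a fund-moving call, is something a monitor can watch for. The following is an added example, not code from Hope Finance, CertiK or the original article: it assumes a hypothetical `HelperChanged` event, a constructed decoded-log layout and constructed addresses, and flags any `OpenTrade` executed while the pool's helper is not an audited address.

```python
# Added illustration: the addresses, the HelperChanged event name and the log
# layout are constructed. Only TradingHelper, OpenTrade and GenesisRewardPool
# are names taken from the article.
AUDITED_HELPERS = {"0xaaa1"}        # helper implementations covered by the audit (constructed)
FUND_MOVING_CALLS = {"OpenTrade"}   # calls that route pool funds through the helper

P = "GenesisRewardPool"
SAMPLE_LOG = [  # constructed, already decoded, ordered by block
    {"block": 100, "pool": P, "kind": "HelperChanged", "new_helper": "0xaaa1", "sender": "0xowner"},
    {"block": 105, "pool": P, "kind": "OpenTrade", "sender": "0xuser1"},
    {"block": 110, "pool": P, "kind": "HelperChanged", "new_helper": "0xBAD9", "sender": "0xowner"},
    {"block": 111, "pool": P, "kind": "OpenTrade", "sender": "0xuser2"},
    {"block": 120, "pool": P, "kind": "HelperChanged", "new_helper": "0xaaa1", "sender": "0xowner"},
    {"block": 121, "pool": P, "kind": "OpenTrade", "sender": "0xuser3"},
]


def detect_helper_swaps(log, audited=AUDITED_HELPERS):
    """Return (severity, block, pool, message) alerts for unaudited helper use."""
    active = {}   # pool -> helper address currently wired in
    alerts = []
    for ev in sorted(log, key=lambda e: e["block"]):  # stable: keeps in-block order
        pool = ev["pool"]
        if ev["kind"] == "HelperChanged":
            helper = ev["new_helper"].lower()          # normalise address casing
            active[pool] = helper
            if helper not in audited:
                alerts.append(("WARN", ev["block"], pool,
                               f"helper set to unaudited {helper} by {ev['sender']}"))
        elif ev["kind"] in FUND_MOVING_CALLS:
            helper = active.get(pool)
            if helper is None:
                # No change seen in this log window: state is unknown, not safe.
                alerts.append(("INFO", ev["block"], pool,
                               "helper unknown; read it from chain state"))
            elif helper not in audited:
                alerts.append(("CRIT", ev["block"], pool,
                               f"{ev['kind']} routed through unaudited {helper}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_helper_swaps(SAMPLE_LOG):
        print(*alert)
```
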

According to a February 13 tweet, the Hope Finance smart contract was audited by Cognitos. Analysts reviewed the audit summary, which flagged two major contract function vulnerabilities.

Cognitos audit of Hope Finance’s smart contract. Source: Cognitos

These were an incorrect modifier and the possibility of reentrancy attacks. Despite flagging these vulnerabilities, Cognitos found that the smart contract code had passed the audit.

After the scam, Hope Finance shared information with users on how to withdraw staked liquidity from the protocol via an emergency withdrawal function.

Arbitrum is described as an Ethereum layer-2 rollup network that enables extensive scaling of smart contracts. Together with Optimism, the two layer-2 protocols continue to handle a growing number of transactions within the Ethereum network.