u.today
Another DeFi protocol becomes a hack victim. While approximately $1 million worth was moved at press time, almost all accounts on the platform might become victims of a new exploit.
Hack's sequence
One of the first reports about the existence of a potential exploit was released by the account "YettyWapp" on Twitter. The account posted a suspicious transaction on a profile that has withdrawn a significantly larger sum than the initial deposit.
The potential hacker's account has moved more than 240 thousand Convex tokens while depositing less than 1,000. The exchange has stated that no funds were stolen.
There is a possible exploit.
— Bent Finance 🌈🦄 (@BENT_Finance) December 21, 2021
1/ - we have disabled claims, you will not be able to claim rewards at the moment.
The decentralized finance platform made the announcement two hours after the initial report warning the platform's users about the possibility of funds being stolen due to an unknown curve exploit.
Later in the day, Bent Finance's official account has announced the limitation of all claiming functions, which means that investors will not be able to claim their rewards from staking or liquidity pools. The decision has been made in order to stop potential pool drainage and keep funds safe.
PeckShield raises concerns
The controversy around the hack topic appeared after blockchain security firm PeckShield stated that the transaction was made from the Bent Finance Deployer, which means that the platform might be somehow tied to the "hack transaction."
Bent Finance's official account did not ignore the security company's tweet and has rapidly answered that they are "seeing the same thing" and are currently looking into it. Community members, on the other hand, immediately accused the DeFi platform of an insider hack, which means that either the administration or someone working close to the exchange in fact knew about the exploit and used it for their own benefit.