Kokomo Finance’s social media presence and websites are offline, while the price of the KOKO token fell more than 95% within a matter of minutes.
News
Optimism-based lending protocol Kokomo Finance has been suspected of a $4 million “exit scam” that has seen user funds plucked from the platform via a smart contract loophole.
Blockchain security firm CertiK alerted its followers to the “exit scam” in a March 26 tweet, noting that the Kokomo Finance (KOKO) token had plummeted 95% in value in a matter of minutes.
CertiK also noted that Kokomo Finance removed all social media accounts immediately following the alleged rug pull too.
Kokomo Finance has either deactivated or deleted its Twitter account. Source: Twitter
CertiK said the deployer of KOKO attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function.
After that, an address beginning with “0x5a2d..” approved the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC).
On 26 March 2023, Kokomo Finance conducted an exit scam and stole ~$4 million in user funds.
Details Below https://t.co/BEPwfahblz
The attacker then called another command to swap the So-WBTC to the 0x5a2d address, which produced a $4 million profit, according to the security firm.
Changes to the smart contract code of the KOKO began at about 9 am UTC on March 26. Source: Optimistic Etherscan
A CertiK spokesperson told Cointelegraph that it was the largest “incident” that the firm had detected on Optimism.
Kokomo Finance is an open-source and noncustodial lending protocol on Optimism, where investors could trade for wBTC, Ether (ETH), Tether (USDT), USD Coin (USDC) and Dai (DAI).
Kokomo Finance rose up the ranks quickly in recent days, with blockchain data platforms like CoinGecko and DefiLlama officially tracking it shortly after Kokomo Finance went live on Optimism on March 25.
The price of Kokomo Finance token, KOKO fell over 97% at about 4:10pm UTC time on March 26. Source: CoinGecko
Recent screenshots reveal that more than $2 million was locked into Kokomo Finance prior to it falling more than 97%.
@KokomoFinance is an open source and non-custodial lending protocol built on Optimism and @arbitrum .- Launch on @DefiLlama – Audited by @0xGuard $KOKO TVL : 2M, is continuously increasing, money will flow into this lending platform soon when it is deployed on @Arbitrum. pic.twitter.com/RduuHBWX39
Over 72% of the total value locked in the Kokomo Finance protocol came in the form of wrapped Bitcoin, according to data from DefiLlama.
Cointelegraph attempted to access all social media and blog websites listed on Kokomo Finance’s Linktree page, but all of these links now lead to error pages indicating they have been removed.
Related: 7 DeFi protocol hacks in Feb see $21 million in funds stolen: DefiLlama
Cointelegraph also came across Kokomo Finance’s smart contract audit, which was reviewed and shared by 0xGuard earlier in March.
While most aspects of the audit were passed, “typographical errors” were found, and the owner of the KOKO token was alsfound to have a one-time ability to mint 45% of the maximum supply to an arbitrary address.
Kokomo did not pass all aspects of its smart contract audit, which was reviewed by 0xGuard in March. Source: GitHub
Cointelegraph reached out to 0xGuard for comment but did not receive an immediate response.
Magazine: Should crypto projects ever negotiate with hackers? Probably
Post Disclaimer
The information provided in our posts or blogs are for educational and informative purposes only. We do not guarantee the accuracy, completeness or suitability of the information. We do not provide financial or investment advice. Readers should always seek professional advice before making any financial or investment decisions based on the information provided in our content. We will not be held responsible for any losses, damages or consequences that may arise from relying on the information provided in our content.