- Arbitrum-based Hope Finance users have lost $2 million to a smart contract exploit
- Hope Finance had notified users of an ongoing scam
- The exploit is the largest on the Arbitrum network in 2023
Arbitrum-based decentralized finance (DeFi) platform Hope Finance users have lost $2 million to a smart contract exploit hours after the platform notified users of an ongoing scam. The amount lost in the exploit was first revealed by CertiK, a blockchain-focused security platform. CertiK noted that a huge chunk of the stolen funds went to crypto mixer TornadoCash
Hacked From Nigeria
According to available details, the scam was initiated from Nigeria and came less than a day after the platform was launched yesterday, February 20. According to CertiK, the malicious actor altered the smart contract’s details which allowed the scammer to move funds from the platform’s Genesis Reward Pool. Early last week, Cognitos Audit released an audit of the Hope Finance smart contract that revealed nine vulnerabilities five of which were either major or medium.
#CommunityAlert 🚨@hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023.
$1.86m was transferred to @TornadoCash.
Hope_fin have posted steps for user’s to withdraw their staked LPhttps://t.co/hJbFXiKujt
— CertiK Alert (@CertiKAlert) February 21, 2023
Hope Finance has since provided a way for users to safely withdraw their staked funds. More details about the exploit are hard to come by since the project’s Twitter page is less than two months old and it’s a new protocol.
$540 Million in a Single DeFi Hack
Smart contract exploits are not a new thing in the DeFi world. Last year, a malicious actor exploited a loophole in Wormhole’s code and drained $320 million from the protocol. In other cases, hackers rely on compromised private keys. For example, in the Ronin hack where users lost $540 million, and which stands as the largest DeFi hack to date, hackers initiated fake withdrawals through hacked private keys.
Even as malicious actors prey on DeFi users, over 30 Defi platforms recently joined hands to restore trust in Web 3.0 platforms after such platforms were caught up in hacks and scams in 2022. However, being a decentralized world, it’s hard to ensure vulnerable-free smart contracts since there’s no one tasked with reviewing the protocols’ safety.
