DeFi Protocol Blueberry Reports “Ongoing Exploit”

  • DeFi protocol Blueberry has been exploited and 457 ETH stolen
  • The platform has asked users to withdraw funds to limit further losses
  • Blueberry has since paused the protocol and assured the safety of deposited funds

DeFi platform Blueberry is working to mitigate losses incurred after suffering an exploit that it first said was “ongoing.” The platform advised users to withdraw funds as it paused the protocol to minimize the amount lost. Blueberry has since confirmed that the exploit didn’t affect deposited funds, although this would be verified after a full investigation of the incident.

366 ETH Returned

It’s estimated that the attacker managed to steal roughly $1.3 million (457 ETH), although most of the funds (366 ETH) were returned by a white hat actor who beat the exploiter at his own game. The DeFi platform has already acknowledged receipt of the front-run funds, disclosing @coffeebabe_eth as the white hat entity that helped return them.

According to Blueberry, the malicious actor exploited the BTC, OHM and USDC markets, adding that other markets are safe since “all contracts are paused” and that the protocol has been halted “until further notice.”

It’s unclear whether the exploiter got some ideas from the “security overview” that the protocol had posted yesterday and which has since been deleted. In the overview, Blueberry explained how it takes security seriously, including paying extra attention to “any internal risks.”

$6.5 Million Lost

An earlier X post on the protocol’s positive security status is currently missing from Blueberry’s account, raising questions on whether the exploit had made it doubt its security status or the actual origin of its security audit reports.

The Blueberry exploit vector departs from a rising trend of malicious actors hacking DeFi platforms’ social media accounts and directing followers to crypto wallet drainers. The exploit comes three weeks after Abracadabra Finance reported losing $6.5 million to a hacker.

Around 91 ETH has yet to be returned, and it remains to be seen whether it will also be recovered.