Defrost Finance, a decentralized leveraged trading platform on the Avalanche blockchain, has announced that its two versions – Defrost V1 and Defrost V2 – are under investigation for a hack. The announcement came after investors reported losing their Defrost Finance (MELT) and Avalanche (AVAX) tokens staked from MetaMask wallets.
Moments after a few users complained about the unusual loss of funds, Defrost Finance core team member Doran confirmed that Defrost V2 had been the victim of a flash loan attack. At the time, the platform believed that Defrost V1 was unaffected by the hack and decided to shut down V2 for further investigation.
At the time, the platform believed that Defrost V1 was unaffected by the hack and decided to shut down V2 for further investigation.
Defrost Finance is sad to report that our V2 has been hacked, with an attacker using a flash loan feature to withdraw funds.
The V1 is not concerned. We will close the V2 UI soon and investigate further with our technical team.
Updates will be posted on our official channels.
– Finance Defrost (@Defrost_Finance) December 24, 2022
Blockchain investigator PeckShield discovered that the hacker had manipulated the LSWUSDC stock price, resulting in a gain of around $173,000 for the hacker. Upon further analysis, PeckShield’s investigation revealed:
“Our analysis shows that a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated at over $12 million.
While the company proactively announced the hack, the community suspects a coin toss situation at play.
Defrost V1 was initially announced unaffected by the hack as the first version of Defrost lacked a flash loan feature.
However, the platform also later acknowledged an emergency for V1, stating:
“Our team is currently investigating. We ask the community to wait for updates and refrain from using V1 or V2 at this time.
Until further notice, investors are advised not to use Defrost Finance. An internal team is currently investigating the situation and will contact users through official channels.
Defrost Finance has yet to respond to Cointelegraph’s request for comment.
Related: Raydium announces hack details and offers compensation for victims
In 2022, North Korean hackers stole crypto worth more than 800 billion Korean won ($620 million) from decentralized finance (DeFi) platforms alone.
A spokesperson for South Korea’s National Intelligence Service (NIS) has revealed that all North Korean hacks have been carried out via overseas DeFi exploits. However, with Know Your Customer (KYC) initiatives in place, the total number of North Korean hacks has seen a significant reduction.