DeFi flash loan hacker liquidates Defrost Finance users causing $12 million loss

Defrost Finance, a decentralized leveraged trading platform on the Avalanche blockchain, has announced that its two versions – Defrost V1 and Defrost V2 – are under investigation for a hack. The announcement came after investors reported losing their Defrost Finance (MELT) and Avalanche (AVAX) tokens staked from MetaMask wallets.

Moments after a few users complained about the unusual loss of funds, Defrost Finance core team member Doran confirmed that Defrost V2 had been the victim of a flash loan attack. At the time, the platform believed that Defrost V1 was unaffected by the hack and decided to shut down V2 for further investigation.

Doran, a member of the core team, confirms the attack on Defrost Finance. Source: Telegram

At the time, the platform believed that Defrost V1 was unaffected by the hack and decided to shut down V2 for further investigation.

Blockchain investigator PeckShield discovered that the hacker had manipulated the LSWUSDC stock price, resulting in a gain of around $173,000 for the hacker. Upon further analysis, PeckShield’s investigation revealed:

“Our analysis shows that a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated at over $12 million.

While the company proactively announced the hack, the community suspects a coin toss situation at play.

Defrost V1 was initially announced unaffected by the hack as the first version of Defrost lacked a flash loan feature.

Doran, a member of the main team, confirmed the attack of the two versions of Defrost Finance. Source: Telegram

However, the platform also later acknowledged an emergency for V1, stating:

“Our team is currently investigating. We ask the community to wait for updates and refrain from using V1 or V2 at this time.

Until further notice, investors are advised not to use Defrost Finance. An internal team is currently investigating the situation and will contact users through official channels.

Defrost Finance has yet to respond to Cointelegraph’s request for comment.

Related: Raydium announces hack details and offers compensation for victims

In 2022, North Korean hackers stole crypto worth more than 800 billion Korean won ($620 million) from decentralized finance (DeFi) platforms alone.

A spokesperson for South Korea’s National Intelligence Service (NIS) has revealed that all North Korean hacks have been carried out via overseas DeFi exploits. However, with Know Your Customer (KYC) initiatives in place, the total number of North Korean hacks has seen a significant reduction.