Defrost Finance Hack: Hackers Return the Stolen $12M

Defrost Finance, an Avalanche-based stablecoin DeFi project, is claiming that hackers have returned the $12 million funds stolen in the December 23^rd hack on its V1. The DeFi project suffered two large hacks in a single day on December 23^rd and was under the suspicion of an “exit scam”.

Defrost Finance Suffered Two Hacks

On December 23^rd, Defrost Finance’s V1 and V2 were attacked draining $12 million in users’ assets. According to the official investigation, the first hack involved a flash loan attack, which lead to the draining of the funds in the V2.

But the trouble was not over yet. In the second attack, hackers were able to obtain the owner key for a much larger attack on the platform’s V1 product. PeckShield estimated the total loss to be greater than $12 million.

3/4 The same – or another – hacker also managed to steal the owner key for a second, much larger attack on the V1.

We are currently working on finding out how exactly the aggressors managed to obtain the key and used it to exploit the protocol.

— Defrost Finance 🔺 (@Defrost_Finance) December 25, 2022

Immediately after the exploit, PeckShield, citing community intelligence, issued a warning labeling Defrost Finance hack as an exit scam. They explained that a fake collateral token is added and a malicious price oracle is used to liquidate users. On Monday, December 26, CertiK also alleged that the Defrost hack operation was a rug pull as it was not able to contact anyone in the Defrost team.

We received community intel warning the rugpull of @Defrost_Finance. Our analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M. https://t.co/70iu38OYh7 pic.twitter.com/rSKklgV71I

— PeckShield Inc. (@peckshield) December 24, 2022

But the leverage trading platform on Avalanche has crushed all the allegations by announcing the return of funds stolen in the V1 hack. Shortly after CertiK allegations, the team appeared to announce the return of funds.

In a blog post on Monday, December 26^th, the team announced the hacker involved in the V1 hack has returned the funds and would soon be claimable by their owners. The team wrote:

“We will soon start scanning the data on-chain to find out who owned what prior to the hack in order to return them to the rightful owners. As different users had variable proportions of assets and debt, this process might take a little. However, it will be concluded fairly swiftly.”

The terms of the deal have not been revealed. However, on December 25^th, Defrost Finance announced its willingness to “share 20% (negotiable) of the funds in exchange for the bulk of assets.” At the time of writing, $3 million worth of assets is available on the public address shared by Defrost Finance.

Crypto exploits have become the norm of the day. As Blockchain Journal reported, on December 26^th, the crypto wallet BitKeep was stolen by hackers to get away with $8 million in users’ assets.