Join Our Telegram channel to stay up to date on breaking news coverage
In a well-orchestrated smart contract scam, an Arbitrum-based stablecoin has fallen prey leading to users losing about $2 million from their accounts. CertiK, a renowned Web3 security firm, highlighted the incident following an announcement from Hope Finance Twitter post, notifying the users of the deception.
#CommunityAlert 🚨@hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023.
$1.86m was transferred to @TornadoCash.
Hope_fin have posted steps for user’s to withdraw their staked LPhttps://t.co/hJbFXiKujt
— CertiK Alert (@CertiKAlert) February 21, 2023
Noteworthy, the complete details of the project are yet to be fully disclosed. The Twitter account of the platform was launched in January, 2023. Notably, it outlined the details of an upcoming algorithmic stablecoin known as Hope Token (HOPE). The token is said to dynamically adjust its supply relative to the price of Ether.
The Web3 security entity narrated that the scammer deployed a fake router during the preparation to exit by hope finance. Additionally, the scammer updated the SwapHelper to use the unreliable router to access the wallet’s transfer. Later, the scammer got the approval of all three holders of the Hope token. However, the swindler changed from swapping tokens to sending them as USDC to another address he controlled.
Noteworthy, the Twitter post by Hope finance claims that the scammer had a Nigerian origin and had already transferred over $ 1.8 million of stolen funds to Tornado cash. It is alleged that the transfer took place shortly after the platform went live on February 20. However, the scammer only tampered with the smart contract details, which enabled the funds to be drained from the genesis protocol of Hope Finance.
FUCKING SCAMMER!!!! HE SCAMMED COMMUNITY FOR 2 MLN DOLLARS pic.twitter.com/F3AWKpqZfD
— Hope Finance (💙,🧡) (@Hope_fin) February 20, 2023
Reportedly, one of the CertiK team member noted:
It appears that the scammer tampered with the TradingHelper contract, which meant that when 0x4481 calls OpenTrade on the GenesisiRewardPool, the funds are transferred to the scammer.
How can users withdraw their funds from the platform?
Hope Finance via its tweet on February 13, stipulated that an official from Cognitos audited the smart contract. The representative flagged two significant vulnerabilities in the smart contract. These weaknesses included an improper modifier and reentrancy attacks. Despite the vulnerabilities witnessed, Cognitos revealed a successful audit of the smart contract code.
Notably, Hope Finance shared information with users to withdraw stake liquidity from the platform. This was one way of protecting its users from more fraud. The users could withdraw their funds through an emergency withdrawal function stipulated by the platform. Additionally, the availability of layer-2 protocol is a solution to carry out such cases in the Ethereum platform. Arbitrum is an Ethereum layer 2 roll-up network that facilitates the exponential scaling of smart contracts.
Other scammed websites
Several well-orchestrated cryptocurrency scamming has led to financial losses for various users, including holders of digital assets, organizations and individuals. Recent reports assert that there is an increase in crypto-related frauds, including swindlers and fraudsters who aim to make fast profits.
Apart from Hope Finance, another smart contract manipulation took place in Ethereum Denver, leading to a loss of over $300,000 worth of Ethereum. However, Blockfence recognized the fake web. Notably, it noticed over 2800 wallets were hacked in the previous six months. Additionally, Ethereum Denver, notified its users of the bogus website on the phishing scheme that leads to the theft of funds by the swindlers.
Another day, another scam.
This time the scammer targeted the @EthereumDenver website. Blockfence is here to protect you and fight scammers together: The scam contract was marked as “High Risk” by our ML algorithm and our partners at @GoplusSecurity pic.twitter.com/Jdtoz2Bgu4— Blockfence (@blockfence_io) February 20, 2023
According to reports, EthDenver was set to be launched on February 24 and 25. However, hackers had already purchased a Google advertisement to promote the URL of the malicious website. After the legitimate Ethereum Denver website is on Google search, the fraudulent site is displayed.
On the other hand, in October last year, Mango markets were manipulated as a hacker obtained mango tokens (MNGO). The hacker artificially inflated the token’s value before borrowing funds from the project’s treasury without adequate collateral. It led to almost $110 million being stolen.
Noteworthy, last year was the worst on record concerning crypto crimes. The crypto market swayed, as risk-taking decreased and several crypto businesses went under. Additionally, it led to regulators increasing the need for more consumer protection due to losses incurred by most investors.
More News:
Fight Out (FGHT) – Newest Move to Earn Project
- CertiK audited & CoinSniper KYC Verified
- Early Stage Presale Live Now
- Earn Free Crypto & Meet Fitness Goals
- LBank Labs Project
- Partnered with Transak, Block Media
- Staking Rewards & Bonuses
Â
Join Our Telegram channel to stay up to date on breaking news coverage
Credit: Source link