Decentralized finance (DeFi) protocol Hope Finance suffered a $2 million exploit on February 20th.
The hacker purportedly stole everything from the protocol genesis, according to its Twitter account, which was the first to announce that the community was scammed.
The Arbitrum-based protocol also shared the information of the person while attaching a photograph with a voter’s card.
- The post alleged the hacker to be a Nigerian named Ugwoke Pascal Chukwuebuka who carried out the exploit before transferring funds to Tornado Cash shortly after the platform went live on Feb. 20.
- The Nigerian national’s involvement in the project is still not known but his actual identity has been questioned by community members.
- Blockchain security firm Peckshield confirmed that the hacker transferred around 1,095 ETH, worth more than $1.86 million, through coin mixing protocols.
- Hope Finance’s smart contract was audited by Cognitos. Despite flagging minor vulnerabilities, the platform concluded that Hope Finance’s smart contract code had “passed the audit successfully” and “there were no warnings raised.”
- As per another prominent blockchain security company, CertiK, a fake router was deployed by the scammer at address “0xf188.” The SwapHelper was then updated to use this fake router in the address “0xc9ee” and was approved by all three owners of the DeFi protocol’s multisig “0x8ebd.”
- Hope Finance is yet to release a post-mortem report of the scam. The platform, however, shared steps for users to withdraw staked liquidity from the protocol.