BaseBros Fi, the yield optimization decentralized finance (DeFi) protocol that runs on the Base blockchain, has suddenly disappeared from the crypto world due to allegedly stealing users’ investments to a large extent. On September 13, the platform disabled its official website and wiped its presence from various social media platforms such as X and Telegram.
The blockchain security firm, Chain Audits, which had audited some of BaseBros’ smart contracts, disclosed that the DeFi project performed a rug pull through an using an “unaudited and unverified non-Vault contract.” This alarming revelation was made via a X from Chain Audits, which said that BaseBrosFi took control of the funds in the ecosystem, thus draining them through the compromised contract.
The attack was made in a way that took advantage of an unverified Vault Contract that the BaseBrosFi team used to control the Strategy Contract functions. This breach gave them access to the funds, and they were able to “retire” all Strategy Contracts, thus depleting various pools associated with BaseBrosFi in a matter of minutes.
In a case of misidentification, the Seamless protocol was thought to be among the affected projects due to the contract titles being quite similar. Chain Audits denied being involved in the creation or deployment of the unverified contracts that executed the exploit, as the contracts deployed after their audit had not been presented to them for review.
Delta Prime Faces $6M Crypto Hack
Yet another serious incident occurred in the crypto space when Delta Prime, a DeFi platform, was hit with a cybercriminal hack that led to a theft of over $6 million of their digital assets. The deFi platform first announced that it lost around $4.5 million.
Onchain security platform Cyvers flagged the situation, posting alerts about suspicious transactions tied to DeltaPrimeDefi on the Arbitrum chain. The platform’s admin certainly lost control of their private key, which allowed an unknown attacker to drain liquidity pools DPUSDC, DPARB, and DPBTCb.
Chaofan Shou, co-founder of Fuzzland, pointed out that a malicious actor took advantage of an admin proxy by redirecting it to a harmful contract that had two malicious effects: one, it inflated their deposits in all pools, and two, it resulted in a loss of funds. Nevertheless, these incidents indicate that the growing crypto industry should be better and strictly regulated to protect investors.
Related Reading | Circle Partners with Sony to Boost USDC Adoption on Soneium Blockchain