Optimism DeFi Protocol Kokomo Finance Rug Pulls Users for $4 Million #RubPull #CryptpScammers
Optimism DeFi Protocol Kokomo Finance Rug Pulls Users for $4 Million
Kokomo’s native KOKO token crashed 98% from $0.049 to $0.00065 in the past 24 hours. Optimism-based lending protocol Kokomo Finance appears to have executed an exit scam, stealing roughly $4 million of users’ funds through a smart contract loophole. Blockchain security firm CertiK flagged the incident on March 26, alerting Crypto Twitter of a price slippage on the project and the disappearance of its social media accounts.
CertiK disclosed that the deployer of the KOKO token, address 0x41BE, executed an attack on the smart contract of a wrapped Bitcoin token (cBTC). The attacker then reset the reward speed, halted the borrow function, and turned the implementation contract into a malicious one. Another address, 0x5a2d, approved the malicious cBTC smart contract to spend the 7010 sonne wrapped BTC (WBTC). Since the implementation contract was already set to the malicious cBTC contract, the attacker called a command to transfer the sonne WBTC to the address 0x5C8d. The final transaction saw address 0x5C8d swap the 7010 sonne WBTC to 141 wBTC.
