A decentralized finance (DeFi) project for stablecoins based on the Arbitrum blockchain called Hope Finance was conned out of two million dollars, according to a report produced by a web3 security business called CertiK. In addition, the research disclosed that the perpetrators had stealthily taken this sum of money from the monies contributed by the project's customers.
Two Million Dollars Stolen From Hope Finance
After the announcement (1) made by Hope Finance was when the report from the web3 security firm was released. The purpose of the announcement was to make its users aware of the recent scam within the group.
On the other hand, there aren't a lot of specifics available about the theft case. Importantly, the Twitter account for the community was just launched in January of 2023, making it one of the newest online presences for the group.
As per Hope Finance, the person responsible is a Nigerian national who sent more than $1.86 million to Tornado Cash, a decentralized non-custodial privacy solution.
The message appeared just a few short moments after the theft had taken place. According to the information, users were instructed to remove their staked liquidity from the platform's protocol. The developers, however, had to add an emergency capability for withdrawal for this move to succeed.
The Smart Contract Weaknesses
A representative of CertiK has stated that the perpetrator changed the details of the smart contract to speed up the process of moving funds away from the platform's genesis protocol.
During an audit, the risk of two important contracts held by Hope Finance was identified on February 13 by authorities from Cognitos. The two areas that revealed a vulnerability were the likelihood of a reentrancy attack and the presence of an erroneous modifier.
Nonetheless, the flaws did not prevent the audit from being successful because Cognitos discovered that the code for the smart contract was error-free.
This instance and a few others suggest that extra safety measures should be implemented inside the crypto ecosystem. According to a survey, the decentralized finance industry was subject to around 155 theft cases in 2022, resulting in a more than $3.1 billion loss.
According to the top five cases of theft in 2022, the total loss amounted to more than $2.3 billion, or almost a 59.8% loss. An important example is remembering the FTX catastrophe in November 2022, which resulted in a loss of around $650 million.
Hope's Financial Situation
Hope Finance is committed largely to assisting charitable organizations and foundations in organizing the flow of funds into their system while adhering to regulatory and auditing requirements.
The project accomplishes this objective in various ways, including providing workflow tools for the foundation, support for budgeting and programmatic areas, projects, grants, and more. The provision of these services is open to both private individuals and public corporations alike.
Arbitrum is the name of the Ethereum layer 2 roll-up networks utilized by the platform. This network generally makes exponential scaling of smart contracts easier to do and addresses obstacles posed by an increasing number of transactions within the network; as a result, optimism is guaranteed.
Unfortunately, the recent vulnerability on the platform could not be stopped by using these features because they were insufficient.
Before the attack, preparations were already on for the network to launch its native algorithmic stablecoin, the Hope token (HOPE). The community worked toward balancing the coin's supply with the price of Ether. Yet, such strategies can only be implemented if the platform can withstand the attack.