Optimism-based lending protocol Kokomo Finance is suspected of a $4 million “exit scam” in which user funds were drained from the platform via a smart contract loophole.
Blockchain security firm CertiK alerted its followers to the “exit scam” in a March 26 Twitter post, noting that the Kokomo Finance (KOKO) token has plummeted 95% in value in a matter of minutes.
CertiK also noted that Kokomo Finance removed all of its social media accounts immediately after the alleged rug pull.
CertiK said the deployer of KOKO attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function.
After that, an address beginning with “0x5a2d..” approved the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC).
#CertiKSkynetAlert On 26 March 2023, Kokomo Finance conducted an exit scam and stole ~$4 million in user funds. Details Below https://t.co/BEPwfahblz
The attacker then called another command to swap the So-WBTC to the 0x5a2d address, which produced a $4 million profit, according to the security firm.
A CertiK spokesperson told Cointelegraph that it was the largest "incident" that they’ve detected on Optimism.
Kokomo Finance is an open-source and non-custodial lending protocol on Optimism, where investors could trade for wBTC, Ether (ETH), Tether (USDT), USD Coin (USDC) and DAI.
Kokomo Finance rose up the ranks quickly in recent days, with blockchain data platforms like CoinGecko and DefiLlama officially tracking it shortly after Kokomo Finance went live on Optimism on March 25.
Recent screenshots reveal that more than $2 million was locked into Kokomo Finance prior to it falling more than 97%.