Share on
- Copy link
New details have emerged about Hope Finance stablecoin project having fallen prey to a smart contract exploit, resulting in $2 million stolen from users.
Last updated Feb 22, 2023 at 08:49 PM
Posted Feb 22, 2023 at 02:32 PM
Arbitrum has once again become a hot topic in the cryptocurrency community. The Ethereum scaling solution's performance has recently improved significantly. Metrics related to on-chain activity, such as the number of daily transactions and funds settled, have reached new highs. Despite the recent progress made by Arbitrum, there was a negative event on Tuesday. A stablecoin project that used Arbitrum was hacked. According to the project's official Twitter account, the alleged hacker is a Nigerian national who was able to exploit the system and take control of everything associated with the project's Genesis Protocol. Web3 security firm CertiK reported the incident on Feb. 21, following an announcement from Hope Finance Twitter informing users of the scam.
It is currently difficult to gather detailed information about the project. In January 2023, the project's Twitter account revealed intentions to launch a new algorithmic stablecoin named Hope token (HOPE). The stablecoin's supply would adjust automatically based on the price of Ether.
According to posts on the project's account, a person from Nigeria was responsible for the scam. The perpetrator allegedly transferred more than $1.86 million to Tornado Cash soon after the platform's launch on February 20. A member of CertiK who examined the situation said that the scammer had modified the smart contract's details. This change led to the loss of funds from Hope Finance's genesis protocol.
On February 13, a tweet stated that an official from Cognitos had audited the Hope Finance smart contract. The contract was examined by experts, who discovered two significant vulnerabilities in the contract's functions. The vulnerabilities were highlighted in the audit summary, which suggests that the flaws could have been a contributing factor to the subsequent scam.
The audit of the Hope Finance smart contract identified two major issues, including a mistake in a modifier and the risk of reentrancy attacks. Despite these concerns, Cognitos, the auditing firm, determined that the contract's code had passed the audit. This suggests that there may have been areas of weakness in the audit process, as the vulnerabilities in the contract were not fully addressed before the scam occurred.
Following the scam, Hope Finance informed its users on how to remove their staked liquidity from the protocol. This was accomplished by an emergency withdrawal function. The move was necessary to minimize losses for the project's users.
Cryptocurrency space saw several instances of scams in in 2022 in which hackers stole large sums of money. CertiK previously warned its community that incidents like scams, exploits, and hacks are likely to continue in the cryptocurrency industry in 2023. Furthermore, CertiK predicts that the frequency of events such as exploits, flash loans, and exit scams will remain high, indicating that cryptocurrency space is still vulnerable to security threats. CertiK also said that it expects there to be more attacks on crypto bridges this year. It warned that people who don't manage their private keys well might be the main reason for wallet hacks in 2023. However, the company also predicted that there will likely be fewer brute-force attacks on crypto wallets this year.