BaseBros Fi, a decentralized finance (DeFi) protocol for yield optimization on the Base blockchain, has vanished from the internet after swindling its users’ investments through an unaudited smart contract.
On September 13, BaseBros removed its official website and social media accounts on X and Telegram. Blockchain security firm Chain Audits, which had previously audited some of BaseBros smart contracts, discovered that the DeFi project executed a rug pull through “an unaudited and unverified Vault contract.”
Source:
BaseBrosFi
Just before its disappearance, BaseBros had around 2,000 followers on X and over 3,300 members on Telegram.
Chain Audits declared that it had audited four of the five smart contracts used in the BaseBros project. They added that the unaudited contract contained a backdoor vulnerability, enabling the company owners to withdraw funds deposited into the “Strategy” contract.
Source:
Chain Audits
The rug pull carried out by BaseBros did not affect the Seamless protocol as initially assumed due to similar contract labeling. According to blockchain investigator Cyvers, the bad actor siphoned $130,000 worth of stolen funds through the crypto mixing service Tornado Cash.
Source:
Cyvers
Seamless conducted an internal investigation and assured that the protocol and its investors’ funds were safe from any attacks. Chain Audits also confirmed that BaseBro Fi was the only affected protocol that lost funds from multiple pools.
In related news, the Indonesian crypto exchange Indodax went offline after a suspected $22M hack. Additionally, a skilled hacker commended the perpetrator responsible for the $27 million hack of the DeFi protocol Penpie. The Penpie hacker received an on-chain appreciation message from the Euler Finance hacker, who had stolen $195 million in March 2023. However, the Euler Finance hacker had returned 90% of the stolen funds in exchange for legal immunity and a 10% reward.
Magazine:
Proposed change could save Ethereum from L2 ‘roadmap to hell’