Blueberry, a decentralized finance (DeFi) protocol, successfully halted its operations after taking swift action to minimize potential damage from an ongoing exploit. The Blueberry Protocol Foundation reported the exploit on February 23 and urged users to withdraw their funds from Blueberry lending markets while they worked to pause the protocol as quickly as possible. However, users encountered difficulties when attempting to withdraw, as the front end of the platform was also down. The website and app briefly went offline, displaying an application error message. Approximately 30 minutes later, Blueberry confirmed that it had successfully paused the protocol, and the website resumed normal operation.
In a subsequent update, Blueberry announced that all drained funds had been front-run by c0ffeebabe.eth and were now secure in the Blueberry multisig. Initially, a total of 457 Ether (ETH) was drained, but a so-called white hat was able to rescue 366 ETH and return it to the multisignature wallet. The protocol team emphasized the importance of this recovery.
Blueberry protocol is a decentralized lending market that allows for lending and leveraged borrowing up to 20 times the collateral value. According to DefiLlama, the protocol is derived from the Compound DeFi protocol and had a total value locked (TVL) of $4.5 million. After the exploit attempt, the TVL had decreased to $3.15 million.
C0ffeebabe gained prominence when she retrieved approximately 2,879 ETH, equivalent to around $5.4 million, from an exploiter and returned it to the DeFi protocol Curve Finance during a hack in July 2023.
Ironically, on February 22, Blueberry had posted a “security overview” that highlighted its security-first approach to development and risk mitigation to prevent internal risks resulting from protocol activity. The protocol also claimed to have undergone audits by Hacken and Sherlock, as well as two independent token security audits. However, the tweet promoting the security review has since been removed from Blueberry’s social media feed.
The question of whether crypto projects should negotiate with hackers remains debatable.