- Hope Finance suffers a smart contract attack that resulted in the theft of $2 million from users.
- The platform alleges that the scammer was of Nigerian origin and he claimed everything from genesis protocol.
- Hope Finance has shared the instructions for emergency withdrawal via the protocol’s Twitter.
Arbitrum-based Hope Finance, a decentralized finance protocol, has been scammed out of $2 million, making this the greatest exit scam on Arbitrum in 2023.
Hope Finance, through its Twitter account, made a post to notify users of the scam, after which CertiK, a Web3 security firm, flagged the issue.
About the project, its Twitter account was launched in January 2023, after which announcements were made detailing plans for an algorithmic stablecoin dubbed Hope token (HOPE). The token was expected to adjust its supply about the price of Ether dynamically.
According to the notice posted by Hope Finance, the scam was executed by a Nigerian citizen who deposited over $1.86 million to Tornado Cash as soon as the platform went live. The Arbitrum-based protocol shared the person’s details and attached a photo with a voter’s card. The post stated that the Ugwoke Pascal Chukwuebuka scammer claimed everything from the platform’s genesis protocol.
At the time of writing, Hope Finance had not provided more details about the scam and how it occurred. However, according to a member of the CertiK team, the fraudster modified the specifications of the smart contract, causing cash to be siphoned from the Hope Finance genesis protocol. The Certix member said:
“It appears that the scammer changed the TradingHelper contract, which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool, the funds are transferred to the scammer.”
Important to note is that before the platform went live, Hope Finance posted that Cogintos had audited the venue. Based on a review of the audit report, it was discovered that Hope Finance had several “major” weaknesses.
Cognitos mentioned that the DeFi project had issues with incorrect modifiers and reentrancy, which the scammer seemingly leveraged to access the funds. Nonetheless, Cognitos concluded that Hope Finance’s intelligent contract code had successfully passed the audit.
To help users recover remaining funds, the protocol published instructions for users to use the emergency withdrawal option to withdraw their staked liquidity.
Notably, neither the Hope Finance Discord account nor its official website was accessible at the time of writing. In addition to deleted accounts of the protocol’s representative, this has led many in the crypto community to consider it a rug pull more than a scam.
The scamming trend on Arbitrum
Arbitrum is an Ethereum layer two roll-up network enabling intelligent contracts to scale exponentially. Despite this being the biggest scam yet on Arbitrum, there have been more scams since the year began.
For instance, early in February, investors were scammed off $320,000 by Orion Finance in a presale. This happened despite warnings by Marco Paladin, crypto security auditor and founder of Paladin Security, who asked investors to stay away from the Orion Finance presale. Just an hour before the presale, Paladin revealed that Orion’s smart contract was similar to one previously deployed by serial scammers.
Regardless of the warnings, Investors flocked to the presale and met the project’s financing goal of $320,000 in a couple of minutes. The anonymous team behind the project then removed The funds in a textbook rug pull, as predicted by Paladin.
