Defrost Finance announced that the stolen funds were recovered.
Explaining that v1 and v2 products were abused the other day, the project said that it got back the funds lost due to the v1 attack.
“Soon we will start scanning on-chain data to find out who had how much assets before the attack so we can return them to their rights holders. This process may take some time as users have varying amounts of assets and liabilities.”
The project’s team said that the first attack used a flash loan to drain the funds in the v2 product. Then the owner key was used to take advantage of v1. The protocol, which offers leveraged trading on the Avalanche blockchain, did not disclose how much funds were withdrawn.
The hacked funds have been returned to #DefrostFinance.
The affected users will very soon be able to claim their assets back.
Details ?https://t.co/RpDqKAK44y
— Defrost Finance ? (@Defrost_Finance) December 26, 2022
Blockchain security firm Peckshield, citing information received by the community, said the attack could have been a “rug pull” worth $12 million. Today, another security company, Certik, also released a graphic describing the Defrost attack as a rug pull, noting that the protocol was unable to communicate with team members.
A rug pull can be argued to occur when developers remove funds after creating a liquidity pool or disappear after persuading investors to buy their own tokens. After such developments, the developer team becomes silent and it becomes difficult to hear from the project. However, Defrost Finance announced the attack and expressed that they wanted to negotiate with the people responsible for the return of the funds.