CertiK Audits Under Scrutiny as Client Recovers $12 Million in Stolen Funds

2022-12-27 00:30

Ecological stablecoin project Defrost Finance will return $12 million in funds stolen through Dec. 23, 2022, exploit, despite undergoing a code audit by CertiK.

Defrost will use on-chain data to ensure the correct allocation of the stolen funds. The refund comes after an attacker exploited flaws in multiple Defrost smart contracts. Blockchain security firm Peckshield initially reported the attack on Dec. 23, 2022.

Defrost Clients Lose $12 Million

The hacker reportedly drained $173,000 through a flash loan attack leveled at Defrost’s V1 protocol. In a more significant V2 attack, a perpetrator stole $12 million by liquidating users’ positions through a fake collateral token and a malicious price oracle. Attackers later allegedly stole $1.4 million from cross-chain tech aggregator Rubic Finance, raising concerns about vulnerabilities in smart contract code.

Liquidations occur in DeFi when the value of a user’s collateral falls below a lending protocol’s minimum loan-to-value ratio. Stablecoin protocols like Defrost allow users to deposit collateral for a perpetual stablecoin loan. The protocol uses an algorithmically-adjusted stability fee to set the loan’s interest. The introduction of fake collateral to V2 likely compromised Defrost users’ loan-to-value ratios, leading to their liquidations.

CertiK Audits Reveal Centralization Issues

Both hacks have drawn attention to the conclusions that can be drawn from smart contract code audits when assessing the legitimacy of a DeFi project. Blockchain security firm CertiK was implicated in both hacks, with Defrost and Rubic having undergone code audits by the company. 

CertiK audited Defrost V1’s smart contracts in Nov. 2021, listing a critical logic issue and five issues relating to centralization. The former had been resolved at press time, while the latter was acknowledged without evidence of further work. A logic issue, colloquially referred to as a ‘bug,’ allows smart contracts to operate incorrectly without crashing. On the other hand, a centralization issue can cause the compromise of several entities if a hacker gains access to a shared code block or variable.

CertiK also unearthed several centralization issues in Rubic Finance’s SwapContract smart contract, one of which would enable a hacker to withdraw ETH/BNB and other tokens to the hacker’s address.

Audits Don’t Replace Common Sense

Rather than endorsing a project or its assets, CertiK tests smart contracts’ resilience to various attack vectors. It also assesses the contracts’ compliance with acceptable coding standards and compares a project’s smart contracts to those produced by industry leaders. 

Careful scrutiny of CertiK’s website reveals that the company only audits code provided by the DeFi protocol. It advises interested investors to conduct their own due diligence. Additionally, its reports contain the following disclaimer:

“CertiK’s position is that each company and individual are responsible for their own due diligence and continuous security. CertiK’s goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies, and in no way claims any guarantee of security or functionality of the technology we agree to analyze.”

While not the complete picture, these reports can provide insight into a project’s risks, helping to inform interested parties about a project. Any proposed changes to the smart contract code can undergo a protocol’s standard voting procedure without government intervention. 

Coinbase CEO Brian Armstrong advocates that DeFi protocols be protected by free speech in the United States rather than be regulated by laws governing financial services businesses.

For Be[In]Crypto’s latest Bitcoin (BTC) analysis, click here.

The post CertiK Audits Under Scrutiny as Client Recovers $12 Million in Stolen Funds appeared first on BeInCrypto.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

World Trade Funds (XWT) íà Currencies.ru

$ 0 (+0.00%)
Îáúåì 24H $0
Èçìåíåèÿ 24h: 0.00 %, 7d: 0.00 %
Cåãîäíÿ L: $0 - H: $0
Êàïèòàëèçàöèÿ $0 Rank 99999
Äîñòóïíî / Âñåãî 0 XWT

million stolen scrutiny certik audits funds under

million stolen → Ðåçóëüòàòîâ: 126


Collective Hacker’s Honeypot Now More Than Satoshi’s Bitcoin Holdings with Over 1 Million BTC Stolen

Hackers have Stolen over 1 million of the 21 Million Bitcoins that will ever Exist Since 2011, hackers have been out to steal Bitcoins from those who own it especially on exchanges. According to data from Chainanalysis, over a billion dollars were stolen through hacks on exchanges alone. It is estimated that Satoshi Nakamoto has […]

2019-5-26 17:00


Cryptopia Hacker’s Ill-Gotten Ethereum (ETH) Funds Still On The Move Per Blockchain Trackers Working Magic

Cryptopia Hacker Still Moving Stolen Funds Around Recently, Cryptopia hit the news officially announcing that it had chosen Grant Thornton as official liquidators to begin its liquidation process. This was as a result of the hacks suffered by the New Zealand crypto currency exchange, causing it to lose at least $16 million. About a week […]

2019-5-22 18:44


Binance CEO Changpeng Zhao Informs Users of Withdrawal and Deposit Exchange Features Back Active

After the 7th of May 2019 hack of the Binance Exchange, wherein 7,000 BTC, worth about 50 million dollars, was stolen, the exchange assured its users of improved security measures. The CEO of Binance, Changpeng Zhao, has however, Informed Binance users that deposit and withdrawal features will be available again next week. Withdrawal/Deposits Services Resumption […]

2019-5-13 20:55


Inside the Binance and Bitcoin Blockchain Reorg Drama: Random Tweet Stirs Up Community Frenzy

When Binance revealed that somewhere in the region of $40 million dollars worth of Bitcoin was stolen from them, it caused the usual reactions from the community. News articles were written Binance's security was questioned, but overall it was just another hack – and not even a significant one compared to some in the past. […]

2019-5-10 02:02


Ransomware Crooks Cashed Out $16 Million from Defunct Bitcoin Exchange: Google Research

By CCN: In the two years leading up to 2018, a spate of ransomware attacks were analyzed in a report by a team of researchers hailing mostly from leading U. S. universities and Google. Results showed a conservative estimate of total funds stolen to be $16 million, with bitcoin providing a way for malicious actors to take payment from anywhere in the world.

2019-5-9 11:50


NYPD Reports Over $2 Million in Bitcoin Stolen by Thieves via Phone Scams Posing as Authorities

Phone scams are on the rise according to officials at the New York Police Department. Thieves have stolen over $2 million posing as false social security officials. Requesting payments are made in BTC, prepaid gift cards and bank wire transfers, they have forced the police to issue warnings to unsuspecting targets. Using trust warranted by […]

2019-5-4 02:25


Ôîòî:

Darknet Market Wall Street Shut Down by the German Federal Criminal Police

In a press release published earlier today, Europol announced that they have shut down the latest darknet marketplace – Wall Street. The market had over one million users and over five thousand vendors and was ranked the world’s second largest dark web market trading drugs, stolen data, fake IDs and other illicit products you would […] The post Darknet Market Wall Street Shut Down by the German Federal Criminal Police appeared first on NullTX.

2019-5-3 19:49


Bitfinex & Tether Respond: We are “Financially Strong”, Will “Fight” NY AG’s “Gross Overreach”

The New York Attorney General Office in a statement on Thursday alleged that Bitfinex lost $850 million and as a coverup used customer and corporate funds from the USDT stablecoin operator Tether. “The issue is not printing tethers to manipulate bitcoin, but Bitfinex having funds “stolen” and then using Tether's funds,” said economist and crypto […]

2019-4-26 21:04