BaseBros Fi Vanishes After Rug Pull

BaseBros Fi, a yield optimization protocol on the Base blockchain, has vanished after allegedly pulling off a rug pull. The platform stole user funds through an unaudited smart contract. BaseBros deleted its official website and social media accounts, including those on X and Telegram, leaving its users without any means of communication or recourse.

Blockchain security firm Chain Audits, which had previously reviewed some of BaseBros’ smart contracts, revealed that the rug pull was conducted via a “Vault contract” that was not part of their initial audit. This contract had a backdoor vulnerability, allowing the owners to siphon off the funds deposited into the project’s “Strategy” contract.

Despite auditing four of the five contracts used in the project, Chain Audits admitted that the Vault contract was not within its audit scope and was not verified on the blockchain. Before the incident, BaseBros had built an active community of approximately 2,000 followers on X and over 3,300 members on Telegram.

The lack of an audit for the Vault contract allowed the project’s creators to carry out the rug pull, making off with their users’ investments.

Seamless Protocol Initially Linked to BaseBros Rug Pull

The initial aftermath of the rug pull led to confusion, with some assuming that another protocol, Seamless, might have been impacted due to similar contract labels. However, blockchain investigator Cyvers clarified that the only affected protocol was BaseBros.

According to Cyvers, the bad actor siphoned $130,000 worth of funds and laundered them through the crypto mixing service Tornado Cash, making it difficult to trace the stolen assets. Seamless conducted its internal investigation and confirmed that its protocol and investor funds were safe from attack.

Chain Audits also reiterated that only BaseBros had been affected, resulting in multiple pools losing funds. BaseBros is not the first DeFi protocol to fall under scrutiny for similar activities. For instance, the PenpieDeFi protocol experienced a $27 million hack recently.

DeFi Platform Delta Prime Hacked, $6M Stolen

In a related development, Delta Prime, a decentralized finance (DeFi) platform, has also been hacked, losing almost $6 million worth of crypto assets. The attack started with the theft of approximately $4.5 million in stablecoins, which the attackers later converted to Ethereum (ETH).

On-chain security platform Cyvers flagged the suspicious activities, stating that the hacker swapped USDC to ETH, suggesting that the hacking incident hasn’t stopped yet and there would be further losses.

Cyvers’ allegations were true as the malicious transactions continued, with the total amount stolen rising to nearly $6 million. This incident has raised security concerns within the crypto community. Delta Prime is the latest in a series of high-profile DeFi attacks this year.

According to Meir Dolev, Cyvers’s CTO, the hackers gained control over the wallet managing Delta Prime’s proxy contracts. They then upgraded these contracts to redirect assets to a malicious contract.

This allowed the attacker to drain liquidity pools on the Arbitrum chain. Dolev stated that the total loss amounted to around $5.9 million. Delta Prime’s hack indicates a sophisticated attack targeting the platform’s vulnerabilities.

Rising Threats to DeFi Platforms

This breach occurred shortly after WazirX, an Indian cryptocurrency exchange, lost over $230 million in a similar attack. That incident was the second-largest cryptocurrency hack of 2024.

These back-to-back security breaches underline DeFi platforms’ growing challenges in safeguarding users’ assets. Concerns about the security of digital assets are not limited to DeFi platforms.

North Korean hackers, including the notorious Lazarus Group, have been flagged as potential threats to larger targets like US-based Bitcoin (BTC) exchange-traded funds (ETFs). Michael Pearl, vice president of GTM strategy at Cyvers, suggested that the sizable value of Bitcoin held by these ETFs is attracting the hackers’ attention.

Pearl emphasized that hackers are constantly strategizing new ways to exploit weaknesses, particularly in areas where significant digital assets are concentrated. The stakes are high as there are an estimated $53.4 billion worth of Bitcoin in on-chain holdings across ETFs.