Base DeFi Project Vanishes After Rug Pull Scam
What Went Wrong?
- Auditing Issues: Chain Audits had reviewed four out of five smart contracts used by BaseBros. However, the critical “Vault” contract was left unaudited and unverified. This was the entry point for the rug pull.
- Backdoor Access: The unaudited contract allowed the project owners to withdraw funds deposited into the “Strategy” contract without user permission.
- Fund Siphoning: Blockchain investigator Cyvers reported that the attackers siphoned $130,000 and used Tornado Cash, a crypto mixing service, which made the stolen funds harder to trace.
Impact on Other Protocols
Initially, there was some confusion about whether the rug pull affected other protocols on the Base blockchain. The Seamless protocol was wrongly assumed to be impacted because of similar contract labeling. However, after an internal investigation, Seamless confirmed that both the protocol and investors’ funds were safe.
Summary Table:
| Aspect | Details |
| --- | --- |
| Platform | Base blockchain |
| Project | BaseBros Fi |
| Audited Contracts | 4 out of 5 by Chain Audits |
| Unaudited Contract | “Vault” contract with backdoor vulnerability |
| Disappearance Date | September 13 |
| Amount Stolen | $130,000 (approx.) |
| Method Used | Tornado Cash (crypto mixing service) |
| Number of Followers | 2,000 on X, 3,300 on Telegram |
| Impact on Other Protocols | None (Seamless protocol confirmed safe) |
Noteworthy Incidents in DeFi
This incident follows other high-profile DeFi hacks and rug pulls. Recently, a hacker behind the $27 million Penpie hack received praise from the Euler Finance hacker. The latter had returned 90% of the stolen $195 million in exchange for legal immunity and a 10% reward.
Key Takeaways:
- Importance of Audits: Unverified smart contracts are a significant risk in DeFi. Always ensure that all contracts, especially those involving user funds, are thoroughly audited.
- User Vigilance: Users should be cautious and conduct their own research before investing in DeFi projects. A project’s social media presence does not guarantee its legitimacy.
- Security Firms’ Role: Security firms play a crucial role in identifying vulnerabilities. However, even an audit is not a foolproof guarantee against fraud.
- Recovery Challenges: Once funds are stolen through a crypto mixer, recovering them becomes incredibly difficult. The decentralized nature of blockchain makes tracking and recovering assets a challenge.
This incident serves as a reminder of the inherent risks in DeFi. While these platforms offer innovative financial services, they are still susceptible to scams and hacks. Investors must remain vigilant and prioritize security when engaging with DeFi protocols.