- Optimism-based lending protocol Kokomo Finance appears to have executed an exit scam, stealing roughly $4 million of users’ funds.
- Blockchain security firm CertiK flagged the incident on March 26 and alerted Crypto Twitter of price slippage on the project.
- The attacker reset the reward speed, halted the borrow function, and turned the implementation contract into a malicious one.
Kokomo Finance Executes Rug Pull
Optimism-based lending protocol Kokomo Finance appears to have executed an exit scam, stealing roughly $4 million of users’ funds through a smart contract loophole. Blockchain security firm CertiK flagged the incident on March 26, alerting Crypto Twitter to price slippage on the project and the disappearance of its social media accounts. Kokomo’s website has also gone offline, with an error page appearing whenever users try to access it.
Details of Attack
CertiK disclosed that the deployer of the KOKO token, address 0x41BE, executed an attack on the smart contract of a wrapped Bitcoin token (cBTC). The attacker then reset the reward speed, halted the borrow function, and turned the implementation contract into a malicious one. Another address, 0x5a2d, approved the malicious cBTC smart contract to spend 7010 sonne wrapped BTC (WBTC). Because the implementation contract was already set to this malicious cBTC contract, a command could then transfer these WBTC tokens to address 0x5C8d. This address swapped the 7010 sonne WBTC tokens for 141 wBTC tokens, which netted them approximately $4 million in profit.
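A defender's view of the sequence described above, as an added example that is not from CertiK or the original article: a small Python correlator over normalised event records that flags an implementation change bundled with other privileged actions, a token approval to the freshly changed contract, and the transfer to a third party that follows. The event kinds, field names, placeholder addresses and block numbers are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical normalised event kinds; map decoded on-chain logs onto them.
ADMIN_KINDS = {"impl_changed", "borrow_paused", "reward_speed_set"}

@dataclass(frozen=True)
class Event:
    block: int
    kind: str
    actor: str      # admin key, or token owner for approval / transfer_from
    contract: str   # contract acted on; the spender for approval / transfer_from
    to: str = ""    # recipient, transfer_from only

def detect(events, window=1000):
    """Return (block, alert, contract) tuples for the sequence in the article."""
    alerts, admin_seen, upgraded, approvals = [], {}, {}, set()
    for ev in sorted(events, key=lambda e: e.block):
        if ev.kind in ADMIN_KINDS:
            seen = admin_seen.setdefault(ev.actor, {})
            seen[ev.kind] = ev.block
            if ev.kind == "impl_changed":
                upgraded[ev.contract] = ev.block
            recent = {k for k, b in seen.items() if ev.block - b <= window}
            # One key bundling an upgrade with other privileged changes
            if "impl_changed" in recent and len(recent) >= 2:
                alerts.append((ev.block, "admin_burst", ev.contract))
        elif ev.kind == "approval":
            up = upgraded.get(ev.contract)
            # Allowance granted to a contract whose code was just replaced
            if up is not None and ev.block - up <= window:
                approvals.add((ev.actor, ev.contract))
                alerts.append((ev.block, "approval_to_fresh_upgrade", ev.contract))
        elif ev.kind == "transfer_from":
            # The upgraded spender moves the owner's tokens to a third party
            if (ev.actor, ev.contract) in approvals and ev.to != ev.actor:
                alerts.append((ev.block, "drain_via_upgraded_spender", ev.contract))
    return alerts

# Constructed sample (placeholder addresses, arbitrary block numbers)
SAMPLE = [
    Event(90, "approval", "0xUSER", "0xOTHER"),            # benign control
    Event(100, "reward_speed_set", "0xADMIN", "0xCONTROLLER"),
    Event(101, "borrow_paused", "0xADMIN", "0xCONTROLLER"),
    Event(102, "impl_changed", "0xADMIN", "0xMARKET"),
    Event(110, "approval", "0xHOLDER", "0xMARKET"),
    Event(111, "transfer_from", "0xHOLDER", "0xMARKET", "0xSINK"),
]
print(detect(SAMPLE))
```

The `window` value is in blocks and is a tuning assumption; a lone upgrade with no companion admin action, or an approval long after an upgrade, raises no alert.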
Reactions From Crypto Community
As news of the incident spread, many people took to Twitter and other social media platforms in outrage over what had happened, with some likening it to previous exit scams like PlusToken or FCoin. Others suggested that this could be another case where DeFi protocols failed due to their lack of proper auditing or testing before going live. Some also pointed out that even though there are ways for investors to protect themselves from such events, projects ultimately need better governance structures in order to safeguard users’ money from rug pulls like these.