BaseBros Fi, a decentralized yield optimization protocol running on the Base blockchain, unexpectedly shut down, leaving investors without access to their investments.
On September 13, 2024, the project’s website, its X social media page, and its Telegram channel were deleted. Investigations revealed that the project used an unaudited smart contract that allowed it to withdraw user funds.
This unaudited contract gave the project operators the ability to withdraw assets from the so-called “strategy contract.”
As a result, several investment pools were quickly emptied. The stolen funds, approximately $130,000, were transferred via Tornado Cash, a crypto mixing service that hides the origin of the transactions.
BaseBros DeFi Protocol, $130K Stolen: How Was the Fraudulent Withdrawal Carried Out?
The BaseBros scam shocked everyone, including 2,000 subscribers on X and over 3,300 members on Telegram.
Before its disappearance, the project heavily advertised its yield optimization features and promised high returns on the Base blockchain.
Chain Audits, which previously audited parts of BaseBros' operations, clarified that while four of the project's contracts were audited, the Vault contract, which was the key element of the theft, was not included in the scope of the audit.
This oversight opened the door for hacking, as the unaudited Vault contract contained a hidden vulnerability that allowed BaseBros to manipulate the system and transfer user funds off the platform.
Mislabeling of contracts added to the confusion, leading some to initially believe that another DeFi project on the Base blockchain, Seamless, had also been hacked.
However, upon further investigation, it was determined that Seamless was not affected by the attack.
According to Cyvers, a blockchain investigator, the confusion arose due to similar contract names used by BaseBros, leading to false assumptions that Seamless was involved.
Despite the timing and similar names, both Chain Audits and Seamless confirmed that only BaseBros was hacked, while Seamless’s contracts and user funds remained intact.
Blockchain security firms like Cyvers tracked the movements of the stolen funds. They found that the criminals transferred the funds to the Ethereum network and then sent them via Tornado Cash.
Fallout in the DeFi Community: Is BaseBros’ Impact Bigger Than It Seems?
Users, especially those new to decentralized finance, are once again reminded of the risks of investing in cryptocurrency.
High returns often blind investors to potential security vulnerabilities or scams.
Blockchain security firms urge users to be extra cautious when interacting with DeFi projects, especially those that do not have completed and verified audits.
These scams are not new: dozens of them occur daily on public blockchains like Solana.
Withdrawal scams and related schemes accounted for over $765 million last year. The market saw $1.7 billion worth of cryptocurrency stolen, and withdrawal scams accounted for a significant portion of those losses.
The most common form of scam involves tokens that last less than a day, often referred to as “one-day withdrawal schemes.” These tokens are issued, receive a lot of publicity, and then disappear within 24 hours.
Cryptocurrency exchanges remain top targets for hackers, with multi-million dollar attacks continuing into 2024. According to Chainalysis, hacking attacks have increased by 2.8% this year, with the total amount of cryptocurrency stolen reaching $1.58 billion by mid-2024 — an 84% increase from 2023.
Japan, once a major player in the crypto world, has been hit hard by hacks like the Mt. Gox and Coincheck breaches, which have undermined investor confidence.
Japanese platforms like bitFlyer are facing sophisticated attacks including phishing, social engineering, and AI-powered scams. Despite all these security concerns, exchanges are also starting to cooperate with law enforcement, share data, and implement advanced security measures.