BaseBros Fi: A Disappearing Act
BaseBros Fi, a decentralized finance (DeFi) protocol on the Base blockchain, vanished from the internet on September 13. The project, which focused on yield optimization, reportedly stole users’ investments through an unaudited smart contract. The official website and social media accounts on X and Telegram were deleted following the incident.
Details of the Rug Pull
Blockchain security firm Chain Audits, which had previously audited some of BaseBros Fi’s smart contracts, revealed that the protocol executed a rug pull using an unaudited Vault contract. Chain Audits had examined four out of five smart contracts used by BaseBros Fi, but the critical contract involved in the theft was not included in their audit scope. The unaudited contract had a backdoor vulnerability, allowing the perpetrators to withdraw funds from the ‘Strategy’ contract.
Impact and Misconceptions
Initially, similar contract labeling caused confusion about whether the rug pull had affected the Seamless protocol. However, blockchain investigator Cyvers clarified that the stolen funds, amounting to $130,000, were funneled through the crypto mixing service Tornado Cash. Seamless conducted an internal investigation and confirmed that their protocol and investor funds were safe from this attack.
Chain Audits’ Findings and Reactions
Chain Audits confirmed that BaseBros Fi was the only protocol affected by this rug pull, which led to losses from multiple pools. The incident underscores the risks associated with unaudited and unverified smart contracts in the DeFi space.
FAQs
What happened to BaseBros Fi?
BaseBros Fi, a yield optimization DeFi protocol on the Base blockchain, disappeared from the internet on September 13. The project was involved in a rug pull, where users’ investments were stolen through an unaudited smart contract. The protocol’s official website and social media accounts were deleted following the incident.
What is a rug pull?
A rug pull is a type of scam in the cryptocurrency and DeFi space where the developers of a project suddenly withdraw all funds from the protocol, leaving investors with significant losses. This typically occurs through vulnerabilities or malicious code in the smart contracts used by the project.