BaseBros Fi, the yield-optimizing decentralized finance (DeFi) protocol that runs on the Base blockchain, has suddenly disappeared from the crypto world due to alleged theft of users’ investments to a large extent. On September 13, the platform deactivated its official website and removed its presence on various social media platforms such as X and Telegram.
Blockchain security firm Chain Audits, which had audited some of BaseBros’ smart contracts, revealed that the DeFi project had conducted a lottery draw using an “unaudited and unverified non-Vault contract.” This alarming revelation came via an X from Chain Audits, which stated that BaseBrosFi had taken control of the ecosystem’s funds, draining them through the compromised contract.
The attack was carried out in a way that exploited an unverified Vault contract that the BaseBrosFi team was using to control the strategy contract functions. This breach gave them access to the funds and they were able to “withdraw” all the strategy contracts, depleting various pools associated with BaseBrosFi in a matter of minutes.
In a case of misidentification, the Seamless protocol was considered to be among the affected projects due to the similarity of the contract titles. Chain Audits denied involvement in the creation or deployment of the unverified contracts that performed the exploit, as the contracts deployed after their audit were not presented to them for review.
Delta Prime Faces $6 Million Cryptocurrency Hack
Another serious incident occurred in the cryptocurrency sector when Delta Prime, a DeFi platform, was the victim of a hack that led to the theft of over $6 million worth of its digital assets. The deFi platform initially announced that it had lost around $4.5 million.
Onchain security platform Cyvers reported the situation, posting alerts about suspicious transactions related to DeltaPrimeDefi on the Arbitrum chain. The platform administrator likely lost control of his private key, which allowed an unknown attacker to drain the DPUSDC, DPARB, and DPBTCb liquidity pools.
Chaofan Shou, co-founder of Fuzzland, pointed out that a malicious actor took advantage of an admin proxy by redirecting it to a malicious contract that had two malicious effects: first, it inflated their deposits in all pools, and second, it led to a loss of funds. Nevertheless, these incidents indicate that the growing cryptocurrency industry should be better and strictly regulated to protect investors.
Related Readings | Circle Partners with Sony to Drive USDC Adoption on Soneium Blockchain
