1. Home
    2. /Arbitrum-Based Hope Finance Suffers $2M Hack at Launch

    Arbitrum-Based Hope Finance Suffers $2M Hack at Launch

    Another day, another DeFi exploit. This time, the Arbitrum-based decentralized finance (DeFi) protocol Hope Finance is the victim of a smart contract exploit, with attackers draining approximately $2 million from the platform at launch. Hope Finance Suffers Smart Contract Exploit at Launch Hope has identified the attacker as a Nigerian who goes by the name ... Read more

    Updated Apr 23, 2024
    Lucky Ebosele

    Author by

    Lucky Ebosele

    Arbitrum-Based Hope Finance Suffers $2M Hack at Launch

    Another day, another DeFi exploit. This time, the Arbitrum-based decentralized finance (DeFi) protocol Hope Finance is the victim of a smart contract exploit, with attackers draining approximately $2 million from the platform at launch.

    Hope Finance Suffers Smart Contract Exploit at Launch

    Hope has identified the attacker as a Nigerian who goes by the name Ugwoke Pascal Chukwuebuka. The platform shared a photograph of the alleged scammer with his voter card via a tweet on Monday. According to the project, the attacker claimed everything from its genesis protocol.

    Hope did not give many details on how the exploit occurred or how the funds were drained from its platform. Much details could not be gathered on Hope, but it created its Twitter account last month and went live on February 20 (the same day the attack occurred).

    Blockchain security firm CertiK tweeted that the attacker had moved $1.86 million of the ill-gotten funds through the now-sanctioned Ethereum mixer Tornado Cash to obfuscated transactions.

    Hope tweeted last week that its smart contract was audited by an auditor called Cognitos. A review of the audit spotted two major smart contract functions vulnerabilities, including an incorrect modifier and possible re-entrancy. However, the smart contract code still managed to pass the audit despite the spotted vulnerabilities.

    Meanwhile, following the exploit, the DeFi protocol shared details of how users can withdraw their staked liquidity from the platform through an emergency withdrawal function.

    Crypto Community Reacts

    The latest exploit received some attention from the crypto community, with some people citing foul play. One community member Markuu stated that there is a possibility the doxxed attacker did not steal users’ funds because there are services where people are paid to dox themselves.

    “Still can’t believe nobody on the team would have had never had a video chat with the ‘lead dev,’” he added.

    Another member said he looked up the address from the alleged attacker’s voter card on Google map and it looked like a vacant lot.

    Lucky Ebosele

    Lucky Ebosele

    Editor