The scrutiny conducted by security firm CertiK indicated that developers of the optimism-oriented Kokomo Finance protocol executed an exit scam to steal $4 million in users’ funds. The developers would later erase all social media presence leaving the Kokomo tokens’ value to plummet by 98.64%.
Developers Orchestrate $4 million Theft to Unsuspecting Investors
The developers orchestrated the exit scam over the weekend alongside promoters of the crypto project portrayed as a legitimate initiative to the market. The attraction of unsuspecting investors allowed the developers to pull liquidity upon realizing a sizable sum to the project.
Certik analysis indicates that Kokomo Finance was established on Saturday, March 25. The project facilitated users to trade while also accommodating borrowing and lending. The most active pair is KOKO/WETH.
Certik Analysis Shows Developers Exploited the Multiplicity of Tokens to Win Investors’ Confidence
Among the cryptos that users could borrow, lend, and trade include Ether (ETH), USD Coin (USDC), Dai (DAI), Tether (USDT), and wrapped Bitcoin (wBTC).
The multiplicity of cryptos enabled Kokomo Finance to garner popularity, particularly among Uniswap (Optimism) users. The preference of the platform allowed the developers to pull liquidity while erasing their online presence.
Hours later, the Kokomo developers would engineer an attacking contract featuring cBTC using the KOKO’s primary address for the Kokomo’s native tokens. The analysis of the Sunday night event by Certik reveals that the developers quickly formulated the reward speed before pausing the borrowing capability. They would later launch a malicious contract to interact with the entire protocol.
Bitcoin Derivative Tokens Utilized to Stage the Million-Dollar Exploit
cBTC involves a wrapped bitcoin derivative whose issuance relies upon the Ethereum network. The developers resorted to wrapped BTC issuance to hoodwink the protocol to believe in its nonexistent liquidity.
The fraudsters would then utilize another developer address to approve the 7000 Sonne Wrapped Bitcoin maliciously. This subsequent transaction replicated the previous in using a bitcoin derivative token hosted on the Ethereum network.
The developers used the tokens to swap the user-supplied liquidity to the protocol. Besides stealing the proceeds exceeding $4 million, the developers would promptly stage deletion of all social media accounts. Also, the Kokomo website became inaccessible, particularly in the early Asian hours.
Kokomo Finance Market Outlook
Scrutiny of Koko Finance shows the KOKO tokens eroded 98.6% of their value to exchange hands at $0.00065849. In comparison, the transaction volume estimates at $305,661 eroded all worth for the Koko holders.
The execution of the exploit replicates other attacks targeting the crypto market. It rekindles the debate over a $200 million exploit perpetrated on Euler Finance in an early March.