Originally published on: September 16, 2024
BaseBros Fi, a popular yield optimization DeFi project on the Base blockchain, has mysteriously disappeared from the internet after being accused of pulling the rug out from under its investors. The project allegedly made off with users’ investments by exploiting a loophole in an unaudited smart contract.
On September 13th, BaseBros shocked the crypto community by deleting its official website and social media accounts on X and Telegram. In a shocking revelation, blockchain security firm Chain Audits discovered that the DeFi platform had executed a rug pull through an unverified Vault contract, leaving investors high and dry.
Prior to its sudden disappearance, BaseBros boasted a substantial following of around 2,000 users on X and over 3,300 members on Telegram. Chain Audits, which had audited four of the five smart contracts used by BaseBros, uncovered a glaring vulnerability in the unaudited contract. This flaw allowed the project owners to siphon funds from the “Strategy” contract with ease.
Initially, there was confusion surrounding the impact of the rug pull, with some mistakenly believing that the Seamless protocol was affected. However, blockchain investigator Cyvers confirmed that the bad actor made off with $130,000 in stolen funds using the crypto mixing service Tornado Cash.
Following an internal investigation, Seamless assured its users that the protocol and their investments were safe from any potential attacks. Chain Audits also confirmed that BaseBros Fi was the only project affected by the breach, losing funds from multiple pools.
In a related incident, a notorious hacker recently commended the attacker behind the $27 million hack of DeFi protocol Penpie. The Penpie hacker received praise from the Euler Finance hacker, who had pulled off a $195 million heist back in March 2023.
In a surprising turn of events, the Euler Finance hacker returned 90% of the stolen funds in exchange for legal immunity and a 10% reward.
Despite these setbacks, proposed changes in the Ethereum network could potentially save it from a disastrous L2 ‘roadmap to hell’.
