Originally published on: September 16, 2024
BaseBros Fi, a popular decentralized finance (DeFi) project built on the Base blockchain, has mysteriously disappeared from the web after executing a rug pull that left its users high and dry. The project allegedly made off with users’ investments through an unaudited smart contract, causing chaos and concern in the DeFi community.
The sudden disappearance of BaseBros Fi was first noticed on Sept. 13 when the project deleted its official website and social media accounts on platforms like X and Telegram. Chain Audits, a leading blockchain security firm that had previously audited some of BaseBros’ smart contracts, discovered that the DeFi project had orchestrated a rug pull through an unaudited and unverified Vault contract.
Prior to its vanishing act, BaseBros had amassed a considerable following of around 2,000 users on X and had over 3,300 members on Telegram. Chain Audits confirmed that while they had audited four out of the five smart contracts used in the BaseBros project, the unaudited contract contained a critical backdoor vulnerability that allowed the company owners to siphon funds from the “Strategy” contract.
Initially, there was confusion regarding which protocol had been affected by the rug pull, with speculation that the Seamless protocol was impacted due to similar contract labeling. Blockchain investigator Cyvers revealed that the bad actor behind the attack managed to steal $130,000 worth of funds using the crypto mixing service Tornado Cash.
Amidst the chaos, Seamless conducted an internal investigation and assured its investors that the protocol and their funds were secure. Chain Audits also confirmed that BaseBros Fi was the only protocol affected by the attack, losing funds from multiple pools in the process.
In a separate incident, a veteran hacker praised the individual responsible for the $27 million hack of the DeFi protocol Penpie. The Penpie hacker received recognition on-chain from the Euler Finance hacker, who had previously orchestrated a $195 million heist in March 2023. Interestingly, the Euler Finance hacker returned 90% of the stolen funds in exchange for legal immunity and a 10% reward.
In the world of DeFi, unexpected events like the BaseBros Fi rug pull serve as a stark reminder of the risks involved in investing in unverified and unaudited projects. As the industry continues to evolve, such incidents underscore the importance of thorough audits and due diligence to protect investors and maintain trust in decentralized finance.