DeFiYield is once more accusing Defrost Finance of “rug-pulling” its users in a Medium blog post on December 27. It comes after several other community members accused the firm of rug-pulling.
DeFiYield cited on-chain data as evidence that the address that requested and later accepted the transactions that installed the malicious source oracle that liquidated users also created the multisig wallet.
Additionally, it claimed that Phoenix Finance (FinNexus) scammed users of $7.6 million in May 2021 in what some have suggested was an “inside job”. FinNexus shared the same developers as Defrost Finance.
Defrost Finance apologized for not providing additional information following the incident. At that time, the DeFi protocol said their primary focus had been assisting users in getting their money.
Defrost refutes rug pull claims
Defrost Finance, hit with a $12 million attack just before Christmas, denied that it had “rugged” its consumers as part of an intricate “exit scam.” However, they remain silent even with many publicly accusing them of rug-pulling, until recently.
The site reported a flash loan attack on December 23 that resulted in the loss of customer cash from its v2 protocol. In another incident, a hacker stole the admin key for a second “far bigger” attack on the v1 protocol the following day.
It is believed that the attacker (or attackers) added a bogus collateral token and a malicious pricing oracle to the flash loan assault to liquidate consumers. Some have claimed that the “exit scam” may have been the work of team members, including blockchain security firms Peckshield and CertiK, in addition to asset management platform DeFiYield, given that an admin key was required to exploit the vulnerability.
However, the Defrost Finance team finally responded to the claims on December 28 in an exclusive statement saying:
‘We refute claims that the squad is comprised of tough users. As much as the incident may cast doubt on people’s perceptions, a compromised key does not necessarily mean a rug pull.’
Defrost Finance’s primary defenses against being involved were two.
First, according to Defrost, if they had intended to stage a rug pull, they would have done it months ago when the total value locked (TVL) was getting close to $200 million.
On December 23, the day of the initial attack, Defrost Finance’s TVL, according to DefiLlama, had dropped to just $13.14 million. When our TVL was 15 times more than it is now, anyone behind a rug pull would have likely misled investors.
Second, according to Defrost Finance, if they had been the culprits, they would have “fled” long ago, but they haven’t.