Security firms seek to make it more difficult for scammers to get away with DeFi project hacks
The rise of community-oriented blockchain security companies may be making it more difficult for alleged bad actors to get away without a trace.
Early Wednesday, CertiK issued a community alert regarding Flurry Finance, where its smart contracts were allegedly breached by hackers, leading to $293,000 worth of funds being stolen. Shortly after the incident, CertiK published the wallet addresses of the alleged perpetrator, the address of the malicious token contract, and a PancakeSwap pair address allegedly involved in the attack, leading to a warning issued on BscScan. While the firm audited the project's smart contracts, it appears that the exploit was the result of external dependencies.
#CommunityAlert @FlurryFi’s Vault contracts were attacked leading to around $293K worth of assets being stolen from Vault contracts
Incident Analysis
— CertiK Security Leaderboard (@CertiKCommunity) February 22, 2022In another instance, on Feb. 20, social media users reported that Avalanche (AVAX)-based project Atom Protocol allegedly turned into a rug-pull hours after launch, with a screenshot from the project's alleged Twitter account (now deleted) stating:
"There is a problem/mistake in the contracts; we can't do anything. So we have to close the project, sorry."In a report published Tuesday, Assure DeFi, a verification company providing Know Your Customer, or KYC, as well as checks on project developers, lists one French national on file as responsible for Atom Protocol. The firm conducts such checks and then creates publicly viewable compliance content. Through a statement to Cointelegraph, Assure DeFi explained that it's important to understand that knowing someone's name, address, nationality, etc., does not prevent them from committing a crime. But, Assure DeFi reps elaborated:
"It does, however, create an accountability path to pursue legal recourse against bad actors...which is the value that the Assure DeFi KYC Verification process provides."The report lists $87,440 being stolen via the alleged rug pull and estimates that the number of "injured parties" surpasses 1,000. According to Assure DeFi, victims are urged to contact Binance support asking to freeze the alleged perpetrator's wallet and contact French law enforcement authorities regarding the alleged crime.
We believe that many people are still misunderstanding the role of KYC/verification.
KYC is a deterrent and not a scam prevention and if anyone says otherwise they are misleading you.
The real value of KYC is having a validated real-world identity behind a project..
— Assure DeFi (@AssureDefi) February 20, 2022