The blockchain security firm, Certik suspected that a permissionless lending protocol Kokomo Finance seemed to be scamming its users through an exit scam, feared to have $4 million stolen.
According to the CertiK, the dev behind KoKo Token has deployed a malicious contract cBTC to set the reward speed and paused the borrow function.
After that, the address “0x5a2d…” provide approval to the newly deployed cBTC smart contract to transfer 7000 Sonne Wrapped Bitcoin (So-WBTC) to “0x5C8d”, which he ultimately swapped with 141 WBTC. According to the current market value, the worth of total transferred tokens is around 4 million.
The sudden transfer of the tokens has plunged the KOKO tokens’ value by 95% in no time.
Furthermore, the matter seems shadier after the social media accounts were deleted from Twitter and Discord.
The data from DefiLIama depicts that more than 72% of total value locked (TVL) held on Kokomo Finance protocol were in the form of wBTC.
Also Read: Euler Finance Attacker Returns 58,000 ETH In Two Transactions