Optimistic lending protocol Kokomo Finance is involved in a $4 million “exit scam” in which user funds were withdrawn from the platform through smart contract vulnerabilities.
Blockchain security firm CertiK warned its followers of an “exit scam” in a tweet on March 26, noting that the value of the Kokomo Finance (KOKO) token plummeted 95% in a matter of minutes. CertiK also noted that Kokomo Finance also deleted all social media accounts immediately after the alleged rug pull.
According to CertiK, the deployers of KOKO attacked the smart contract code wrapping the Bitcoin token cBTC by resetting the reward rate and suspending the borrowing function. Afterwards, addresses starting with “0x5a2d..” approved new cBTC smart contracts to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC).
The attackers then invoked another command to swap So-WBTC to the 0x5a2d address, which generated a $4 million profit, according to the security firm. A spokesperson for CertiK told Cointelegraph that this is the biggest “event” the firm has seen on Optimism. Kokomo Finance is an Optimism-based open source non-custodial lending protocol where investors can trade wBTC, Ethereum, Tether, USDC and Wear.
Kokomo Finance has risen rapidly in the rankings in recent days, and blockchain data platforms such as CoinGecko and DefiLlama officially tracked Kokomo Finance shortly after it went live on Optimism on March 25. Recent screenshots show that more than $2 million was locked before Kokomo Finance fell by more than 97%.
According to DefiLlama, more than 72% of the total value locked in the Kokomo Finance protocol is in the form of wrapped bitcoins.
