The Blueberry decentralized finance (DeFi) protocol took swift action on Friday, suspending its protocol to mitigate potential damage resulting from what it described as "ongoing exploitation." The Blueberry Protocol Foundation issued a report on February 23, acknowledging the situation. Users encountered difficulties withdrawing funds, and frontend issues reported by Blueberry further disrupted access to the platform.
During the incident, both the website and app experienced temporary outages, displaying an application error message: "A client-side exception occurred." Approximately 30 minutes later, Blueberry confirmed the successful suspension of its protocol, with the website subsequently resuming normal operations. The protocol's pause effectively rendered deposited funds inaccessible, with ongoing updates promised as more information became available.
Blueberry later provided reassurance that all drained funds had been preemptively secured by c0ffeebabe.eth and were now safeguarded within the Blueberry multisig wallet. Initially, a total of 457 ETH was drained; white hat intervention rescued 366 ETH, which was returned to the multisig wallet, and efforts were initiated to return the remaining 91 ETH to affected users.
The Blueberry Protocol, which facilitates decentralized lending and leveraged lending, has a total value locked (TVL) of $4.5 million, per DefiLlama data. It is a fork of the Compound DeFi protocol, and its TVL fell to $3.15 million following the attack attempt. Notably, c0ffeebabe gained prominence after reclaiming approximately 2,879 ETH (roughly $5.4 million) from an exploiter during a July 2023 hack and returning it to the DeFi protocol Curve Finance.
Ironically, Blueberry had released a "security overview" the day before the incident, touting a "security-first" approach to development and risk mitigation. The protocol claimed to have undergone audits by Hacken and Sherlock, in addition to conducting two independent token security audits. However, promotional tweets related to the "security audit" have since disappeared from Blueberry's communications platform.



















