- Advanced Installer’s Crypto Twist - October 15, 2023
- Hackers Exploit Designers for Mining - October 15, 2023
- Hackers Target Binance Russia - September 26, 2023
According to CertiK, a security analysis firm, Chibi Finance, a second-tier DeFi project on Arbitrum, allegedly stole tokens worth $1 million shortly after its launch.
The developers of Chibi Finance deployed a malicious contract that enabled them to steal user funds from the project’s smart contracts. Onchain analysis revealed that approximately $1 million worth of ETH (555 ether) were taken from the liquidity pools.
Chibi Finance’s team withdrew tokens from user accounts and converted them into ETH. The funds were then transferred from the Arbitrum network to Ethereum and passed through the Tornado Cash cryptocurrency mixer.
After the liquidity pools were emptied, Chibi Finance’s social media accounts, including Twitter and Telegram, became inactive. Furthermore, the project’s website, chibi.finance, is no longer accessible.
The incident resulted in a drastic 99.2% collapse in the price of CHIBI, the native token of the project. Within hours, its value plummeted from $1.62 to $0.01.
Rug Pulling Incidents and Suspicion Surrounding DeFi Projects: Chibi Finance and Swaprum, Merlin’s Sudden Shutdown
This fraudulent act by the Chibi Finance team is a classic example of “rug pulling” in the DeFi space. Similar to the recent case of Swaprum, a project on Arbitrum, where developers disappeared with almost $3 million shortly after passing a CertiK audit. It was later revealed that the Swaprum team frequently utilized Tornado Cash for money laundering. The project swiftly deleted all of its social media accounts following the incident.
In April, Merlin, a decentralized exchange (DEX), abruptly ceased operations after withdrawing $2 million from user funds. The stolen cryptocurrency was allegedly attempted to be sold on centralized exchanges, including Binance. While Merlin representatives acknowledged the hack, they did not provide specific details about the nature of the attack. Some community members suspect the involvement of the Merlin developers themselves in the deception. Notably, CertiK had audited the crypto exchange and expressed no concerns regarding its reliability.