BaseBros Fi, a decentralized finance (DeFi) project on the Base blockchain, has vanished after taking its users' funds in a rug pull scheme.
The project wiped its online presence on September 13, removing its website and deactivating its accounts on X and Telegram.
Blockchain security firm Chain Audits revealed that the scam was carried out through a "Vault Contract" that hadn't been audited or verified. While they had reviewed four of BaseBros' five contracts, the one used for the rug pull was not part of their audit.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
Layer 2 Scaling Solutions Explained With Animations
Chain Audits explained that this particular contract contained a backdoor vulnerability, giving the project owners complete control to withdraw funds from the "Strategy" contract without the users' knowledge.
Cyvers, a blockchain security platform, confirmed that the scammers behind the rug pull managed to steal $130,000 worth of crypto and used Tornado Cash to launder the funds. This service is known for enabling users to obscure transaction origins and destinations, making it difficult to trace the assets.
The incident was previously mistakenly linked to an attack on the Seamless protocol due to the similarity in how contracts were labeled. In response to the confusion, Seamless reassured its users that neither their protocol nor their investors' funds were compromised in any way.
This sudden disappearance is a reminder of the risks involved in the DeFi space, where unaudited contracts can create serious vulnerabilities.
In other news, Indonesia's largest cryptocurrency exchange, Indodax, was recently hacked, resulting in the theft of about $22 million in digital assets.