Bent Finance confirms pool exploit, advises investors to withdraw funds

Staking and farming platform Bent Finance joins the list to become the sixth crypto establishment to get hacked in December. The acknowledgment of the attack was followed by requesting investors to withdraw their pool funds and disabling the reward claims on the compromised platform. 

Bent Finance first realized the exploit on Monday at roughly 8:55 PM EST, a timeline when the company reported no loss of funds. However, the community suspected a rug-pull event when blockchain investigator PeckShield allegedly located the source of the hack transactions.

We have located the hack tx, which interestingly is sent from the Bent Finance: Deployer @BENT_Finance !!! What is going on?! https://t.co/3L4F1gcNYJ

— PeckShield Inc. (@peckshield) December 21, 2021

“Yes, we see the same and are working through it right now,” said Bent Finance as the team appointed two independent white hat developers to get a better understanding of the unfolding situation. The company confirmed soon after:

1/ There was an exploit from the bent deployer address, it added balance of cvxcrv and mim to an address on an unvierifed update 20 days ago. We just discovered this today. There are multiple members on this team and we will make this right.

— Bent Finance (@BENT_Finance) December 21, 2021

Bent Finance continues to advise its pool investors to withdraw the funds until the exploit is addressed with every update. However, the company has confirmed to recover all stolen funds from the Bent curve pool:

“We recommend you withdraw from the protocol until further notice. We are not going anywhere and will recover from this one way or another.”

According to crypto fraud investigator and former member of the US Secret Service Joe McGill of TRM Labs, the attackers managed to steal approximately 440 Ethereum (ETH), worth more than $1.6 million at the time of writing.

McGill’s investigations hinted that the attack has been ongoing since Dec. 12, which contradicts Bent Finance’s finding that suspects the attacker’s presence over the network since Dec. 1.

In December alone, five crypto companies — including Grim Finance, BitMart and AscendEX — cumulatively lost over $600 million as a direct result of a successful hack. However, further investigations are underway to identify the losses from the Bent Finance exploit.

Bent Finance has not yet responded to Cointelegraph’s request for comment.

Related: Indian prime minister Modi's hacked Twitter account attempts BTC scam

Running parallel to the ongoing exploits on crypto businesses, December was also a witness to a momentary compromise of Modi’s Twitter account, which was used to spread misinformation about Bitcoin’s (BTC) mainstream adoption in India.

As Cointelegraph reported, hackers from unknown origins took control of the prime minister’s account on Dec. 12 with over 73.4 million followers to declare BTC as a legal tender in addition to announcing a 500 BTC giveaway for the Indian citizens.

Huobi and Shiba Inu community to help BitMart overcome $200M hack   Dec. 6, 2021
CoinMarketCap hack reportedly leaks 3.1 million user email addresses   Oct. 23, 2021
Industry at a Crossroads, Crypto Enters Fourth Phase of Development   May 24, 2020
Crema Finance shuts liquidity protocol on Solana amid hack investigation   July 3, 2022
Velodrome recovers $350K stolen funds from team member Gabagool   Aug. 14, 2022