Bent Finance confirms pool exploit, advises investors to withdraw funds

Published at: Dec. 21, 2021

Staking and farming platform Bent Finance joins the list to become the sixth crypto establishment to get hacked in December. The acknowledgment of the attack was followed by requesting investors to withdraw their pool funds and disabling the reward claims on the compromised platform. 

Bent Finance first realized the exploit on Monday at roughly 8:55 PM EST, a timeline when the company reported no loss of funds. However, the community suspected a rug-pull event when blockchain investigator PeckShield allegedly located the source of the hack transactions.

We have located the hack tx, which interestingly is sent from the Bent Finance: Deployer @BENT_Finance !!! What is going on?! https://t.co/3L4F1gcNYJ

— PeckShield Inc. (@peckshield) December 21, 2021

“Yes, we see the same and are working through it right now,” said Bent Finance as the team appointed two independent white hat developers to get a better understanding of the unfolding situation. The company confirmed soon after:

1/ There was an exploit from the bent deployer address, it added balance of cvxcrv and mim to an address on an unvierifed update 20 days ago. We just discovered this today. There are multiple members on this team and we will make this right.

— Bent Finance (@BENT_Finance) December 21, 2021

Bent Finance continues to advise its pool investors to withdraw the funds until the exploit is addressed with every update. However, the company has confirmed to recover all stolen funds from the Bent curve pool:

“We recommend you withdraw from the protocol until further notice. We are not going anywhere and will recover from this one way or another.”

According to crypto fraud investigator and former member of the US Secret Service Joe McGill of TRM Labs, the attackers managed to steal approximately 440 Ethereum (ETH), worth more than $1.6 million at the time of writing.

McGill’s investigations hinted that the attack has been ongoing since Dec. 12, which contradicts Bent Finance’s finding that suspects the attacker’s presence over the network since Dec. 1.

In December alone, five crypto companies — including Grim Finance, BitMart and AscendEX — cumulatively lost over $600 million as a direct result of a successful hack. However, further investigations are underway to identify the losses from the Bent Finance exploit.

Bent Finance has not yet responded to Cointelegraph’s request for comment.

Related: Indian prime minister Modi's hacked Twitter account attempts BTC scam

Running parallel to the ongoing exploits on crypto businesses, December was also a witness to a momentary compromise of Modi’s Twitter account, which was used to spread misinformation about Bitcoin’s (BTC) mainstream adoption in India.

As Cointelegraph reported, hackers from unknown origins took control of the prime minister’s account on Dec. 12 with over 73.4 million followers to declare BTC as a legal tender in addition to announcing a 500 BTC giveaway for the Indian citizens.

Tags
Related Posts
Huobi and Shiba Inu community to help BitMart overcome $200M hack
Following a near $200 million hack on the BitMart exchange, the Shiba Inu (SHIB) community and crypto exchange Huobi Global aim to help the exchange strengthen security and track inflows of stolen assets. On Dec. 5, crypto exchange BitMart became victim to a hot wallet compromise hosted over the Ethereum (ETH) and Binance Smart Chain (BSC) blockchains. As a result, the hackers were able to steal over $196 million, roughly $100 million over the Ethernet network and around $96 million over the BSC blockchain. 1/3 We have identified a large-scale security breach related to one of our ETH hot wallets …
Blockchain / Dec. 6, 2021
CoinMarketCap hack reportedly leaks 3.1 million user email addresses
CoinMarketCap, a price-tracking website for cryptocurrencies, has reportedly fallen victim to a hack that leaked 3.1 million (3,117,548) user email addresses. The information came into light after the hacked email addresses were found to be traded and sold online on various hacking forums, and revealed by Have I Been Pwned, a website dedicated to tracking hacks and compromised online accounts. CoinMarketCap, a subsidiary of Binance cryptocurrency exchange, confirmed that the list of leaked user accounts matched its userbase: “CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the …
Blockchain / Oct. 23, 2021
Industry at a Crossroads, Crypto Enters Fourth Phase of Development
The crypto space is well over a decade old with more than 5,500 different cryptocurrencies and a market capitalization north of $250 billion. Researchers at American venture capital firm Andreessen Horowitz say the 11-year old industry is in its fourth supercycle with the three previous epochs culminating in distinct developments that have gone on to shape the market as a whole. In a report issued earlier in May, the VC firm posited that despite the apparently chaotic nature of the crypto market, each previous cycle has proceeded in roughly the same order. According to the report, every new stage begins …
Decentralization / May 24, 2020
Crema Finance shuts liquidity protocol on Solana amid hack investigation
Crema Finance, a concentrated liquidity protocol over the Solana blockchain, announced the temporary suspension of its services owing to a successful exploit that has drained a substantial but undisclosed amount of funds. Soon after realizing the hack on its protocol, Crema Finance suspended the liquidity services to refrain the hacker from draining out its liquidity reserves — which include the funds of the service provider and investors. Attention! Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP. — CremaFinance (@Crema_Finance) July 3, 2022 Speaking to …
Decentralization / July 3, 2022
Velodrome recovers $350K stolen funds from team member Gabagool
Velodrome Finance, a trading and liquidity marketplace, announced the recovery of $350,000 stolen on Aug. 4. However, the occasion turned bittersweet when internal investigations pointed out the involvement of a prominent team member, who goes by the pseudo name Gabagool. On Aug. 4, one of Velodrome’s high-worth wallets — dedicated for operating funds such as salaries — was drained off $350,000 before it could be transferred to the company’s treasury multisig wallet. A subsequent internal investigation revealed the attacker’s identification, which allowed the company to recover the entire loot. Velodrome’s official statement revealed: “Much to our disappointment, we learned the …
Blockchain / Aug. 14, 2022