High yield staking platform Bent Finance has confirmed that it has been attacked, advising investors to withdraw funds – becoming the sixth hacked decentralized finance (DeFi) platform we reported on this month alone.
So far, reported-on December hacks include Badger DAO, Bitmart, AscendEX, Vulcan Forged, and Grim Finance.
Then, in early morning hours on Tuesday, Bent Finance announced that there might be “a possible exploit,” adding that they have disabled reward claims.
“We will update you as soon as we know more, as of now, no funds have been lost,” the team said.
However, according to Joe McGill – the founder of a digital currency risk and advisory company CyChain, and former cyber and cryptocurrency investigator at US Secret Service – an attacker has been funnelling approximately 440 ethereum (ETH) (USD 1.78m) since December 12 after they had “funded one of the primary wallets via TornadoCash cash deposits” on December 9.
Most recently, the Bent Finance team said that there was an exploit from the bent deployer address, which added various amounts of Convex CRV (cvxCRV) and Magic Internet Money (MIM) to “an address on an unverified update 20 days ago.”
“We just discovered this today. There are multiple members on this team and we will make this right,” the team said, again asking users to withdraw all funds.
According to Etherscan transactions, an address, which is now marked “Bent Finance Exploiter,” has been transferring large amounts of DeFi tokens for the last 10 days.
Meanwhile, some users are alleging that this was a rug pull, accusing the Bent Finance developers of running away with investors’ funds.
The BENT coin dropped more than 70% in a single day, now trading at USD 4.52.
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes
– What Did We Learn from the MonoX Hack?
– Solana Slows After Rally, Users Fear First ‘Rug Pull’
– Scammers Stole USD 7.7B in Crypto in 2021 Amid Rug Pull Surge – Chainalysis