BaseBros Fi Disappears After Rug Pull on Base Blockchain
BaseBros Fi, a decentralized finance (DeFi) protocol focused on yield optimization, abruptly vanished from the internet after orchestrating a rug pull. The project, built on the Base blockchain, exploited an unaudited smart contract to steal users’ investments.
BaseBros Deletes Website and Social Media Accounts
On Sept. 13, BaseBros Fi erased its official website and its social media accounts on X and Telegram. Blockchain security firm Chain Audits, which had previously audited some of BaseBros’ smart contracts, revealed that the DeFi project carried out the rug pull using “an unaudited and unverified Vault contract.”
Before its disappearance, BaseBros had amassed approximately 2,000 followers on X and over 3,300 members on Telegram.
Vulnerable Smart Contract Went Unaudited
Chain Audits disclosed that they had audited four of the five smart contracts used by BaseBros. Unfortunately, the contract responsible for the rug pull—the Vault Contract—was not part of their audit. They stated:
“Unfortunately, the contract that facilitated the rug pull (Vault Contract) was not included in our audit scope, nor is it verified on the blockchain.”
This unaudited contract contained a backdoor that enabled the project’s operators to withdraw funds from the ‘Strategy’ contract without user consent.
No Impact on the Seamless Protocol
Initially, there were concerns that the rug pull might have affected the Seamless protocol, due to similarities in contract labeling. Separately, blockchain investigator Cyvers confirmed that the bad actor funneled $130,000 worth of stolen funds through Tornado Cash, a well-known crypto mixing service.
Seamless quickly conducted an internal investigation and assured its investors that their funds were safe. Chain Audits also confirmed that BaseBros Fi was the only protocol affected, with multiple pools being drained of funds.
DeFi Hacker Receives On-Chain Praise
Recently, a hacker involved in a $27 million hack on the DeFi protocol Penpie received praise from another high-profile attacker. The Euler Finance hacker, who had stolen $195 million in March 2023, sent an on-chain message saying:
“Good job bro. I didn’t see a hack like this for a while. I’m happy you kept all the money and didn’t let these bastards get back one dollar of what you took. You won, they lost. Good job.”
Despite that message, the Euler Finance hacker themselves eventually returned 90% of the stolen funds in exchange for legal immunity and a 10% reward.
Key Points:
- BaseBros Fi vanished after stealing user funds through an unaudited smart contract.
- The DeFi project deleted its website and social media accounts on X and Telegram.
- Chain Audits confirmed the rug pull involved an unaudited and unverified Vault contract.
- The rug pull did not impact the Seamless protocol, as confirmed by an internal investigation.
- A Penpie hacker received praise from the notorious Euler Finance hacker for their DeFi attack.