A weekend attack on the Optimism-based lending protocol Kokomo Finance left users reeling from an exit scam that saw the disappearance of all online and offline presence of the platform, along with its developers. The perpetrators manipulated tokens on the protocol, leading to the theft of more than $4 million in user funds.
Kokomo Finance: A Brief Background
Kokomo Finance, which only debuted on March 25, was an Optimism-based lending system that let users exchange, borrow, and lend wrapped cryptos. The cryptos supported by the platform included Bitcoin (BTC), Ether (ETH), Tether (USDT), USD Coin (USDC), and Dai (DAI). Due to the wide coverage of its services and seemingly reliable system, it didn’t have any problem gaining traction with many Optimism users.
The Attack on Kokomo Finance
As quickly as it entered the market, the team behind Kokomo Finance launched a malicious attack contract, cBTC, from KOKO’s primary address on March 26. Security firm CertiK reported via a Twitter thread that this action included adjusting the reward speed, disabling the borrow feature, and making a contract that tricked the protocol into believing it had more liquidity than it truly possessed.
cBTC is a Bitcoin derivative that has been wrapped and issued on the Ethereum network. In addition, a different developer address was utilized to authorize the spending transfer of over 7,000 Sonne Wrapped Bitcoin, which is another Bitcoin derivative token on the Ethereum network. As a result, all the liquidity that users had supplied was shifted to Kokomo, resulting in a loss of over $4 million in user funds.
In the fallout of the attack, Kokomo Finance immediately disabled its official website and social media accounts. On the other hand, its native token KOKO has now slumped over 98%.
Exit Scams and Attack Contracts
Crypto exit scams involve the developers or promoters of a cryptocurrency project attracting investors by marketing a legitimate-looking project, only to pull liquidity and disappear once they have attracted a significant amount of money. These types of scams are on the rise in the crypto world.
Meanwhile, an attack contract refers to a malicious smart contract that is used to manipulate the tokens on a blockchain protocol, with the intention of stealing funds from the users of the protocol. In the case of the Kokomo Finance exit scam, the developers used it to interact with the protocol and trick it into falsely believing that it had more liquidity than it actually had, thereby allowing the developers to bag over $4 million in customer funds.
Red Flags of Exit Scams
While exit scams can be challenging to spot, there are several red flags that investors should watch out for to avoid falling victim to them. Here are some additional ways to spot a potential exit scam:
1. Lack of a Working Product
If a project has been around for a while but has yet to release a working product, it may be a sign that the developers have no intention of delivering on their promises.
2. Unrealistic Promises
If a project promises high returns with little to no risk, it is likely too good to be true. Investors should be cautious of any project that makes such claims.
3. Lack of Transparency
If a project’s developers are not transparent about their identities or the project’s roadmap, it may be a sign that they have something to hide.
4. Shady Marketing Tactics
If a project relies on aggressive marketing tactics to attract investors, it may be a sign that the developers are more interested in making money than delivering a valuable product.
5. Abrupt Changes to the Project’s Roadmap or Direction
If a project suddenly changes its roadmap or direction without a clear explanation, it may be a sign that the developers are not acting in the best interests of their investors.
Conclusion
Exit scams remain a major threat to the crypto community, and investors must remain vigilant to avoid falling victim to them. Platforms like Kokomo Finance may appear legitimate, but investors should always conduct their due diligence and look for red flags before investing their funds.