An optimism-based decentralized finance (DeFi) platform, Kokomo Finance has perpetrated an exit scam, stealing nearly $4 million in users’ funds through “exit scam” over the weekend.
According to blockchain security firm CertiK, Kokomo’s developers deployed an attack contract cBTC from the main address of the KOKO native token on Sunday, and then resetted the reward speed and paused the borrow function. The cBTC contract was then given approval to spend 7010 Sonne wrapped Bitcoin (So-wBTC), which were transferred to address 0x5C8d and then swapped for 141 wBTC producing a $4 million profit.
The recently lunched Kokomo Finance allowed users to trade, borrow and lend wrapped bitcoin (BTC), Etherem (ETH), Tether (USDT), USD Coin (USDC) and Dai (DAI). It quickly accumulate massive traction among users with more than $2 million locked into Kokomo Finance as of March 26. As per data from DeFiLlama, almost 72% of the total value locked (TVL) in the Kokomo Finance protocol came in the form of wrapped Bitcoin.
To make matters worse, social media accounts and the Kokomo website were quickly deleted following the attack, making it impossible for users to access any information about the platform. This incident highlights the risks associated with investing in cryptocurrencies and the importance of conducting thorough due diligence before investing in any project.