Developers behind the Optimism-based lending protocol Kokomo Finance seemed to conduct an exit scam over the weekend after manipulating tokens on the protocol to effectively steal $4 million in user funds.
An exit scam is said to occur when developers or promoters of a crypto project seem to market a legitimate-looking project to investors only to pull liquidity and erase all online or offline presence once a sizable amount of money has been attracted to that project.
Launched on March 25, Kokomo Finance allowed users to trade, borrow and lend wrapped bitcoin (BTC), ether (ETH), tether (USDT), USD Coin (USDC) and dai (DAI). It quickly gained favor among Optimism users.
On Sunday night, Kokomo developers deployed an attack contract cBTC from the main address of KOKO, Kokomo’s native tokens. They then set the reward speed, paused a borrow feature and created a malicious contract to interact with the rest of the protocol, security firm CertiK said
cBTC is a wrapped bitcoin derivative issued on the Ethereum network. The issuance of this was ultimately used to trick the protocol into falsely believing it had more liquidity when there was none.
Another developer address was then used to maliciously approve a transfer of spending over 7000 Sonne Wrapped Bitcoin, another bitcoin derivative token on Ethereum. These tokens were then used to swap all user-supplied liquidity to Kokomo, amounting to over $4 million.
Social media accounts and the Kokomo website were quickly deleted in the following and inaccessible in Asian morning hours.
Meanwhile, KOKO tokens fell 97%, wiping nearly all value for holders.
The exit scam was the latest in line of a number of growing attacks and exploits in the crypto market. Earlier this month saw a $200 million exploit of Euler Finance.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.