The blockchain security firm, Certik suspected that a permissionless lending protocol Kokomo Finance seemed to be scamming its users through an exit scam, feared to have $4 million stolen.
The CertiK has reported that the dev behind KoKo Token deployed a malicious contract cBTC to set the reward speed and paused the borrow function. This enabled the dev to transfer 7000 Sonne Wrapped Bitcoin (So-WBTC) to “0x5C8d”, which he ultimately swapped for 141 WBTC.
The transfer of the tokens has plunged the KOKO tokens’ value by 95% in no time, and the data from DefiLIama shows that 72% of the total value locked (TVL) held on the Kokomo Finance protocol was in the form of wBTC.
Compiled by Coinbold