Hope Finance exploit results in $2M stolen from users’ funds
Potential users of a decentralized finance (DeFi) project based on Arbitrum were left without funds due to a $2 million exploit.
Web3 security firm CertiK flagged the incident on Feb. 21 following an announcement from the Hope Finance Twitter account notifying users of the scam.
#CommunityAlert @hope_fin announced that the community had been scammed out of approximately $2 million, making it the largest #exitscam on Arbitrum in 2023.
$1.86 million was transferred to @TornadoCash.
Hope_fin posted steps for users to withdraw their staked LPs https://t.co/hJbFXiKujt
— CertiK Alert (@CertiKAlert) February 21, 2023
Details of the project are hard to come by. The platform’s Twitter account was launched in January 2023 and outlined plans to create an algorithmic stablecoin called the Hope Token (HOPE), which dynamically adjusts its supply relative to the price of Ether (ETH).
Messages on the account claim that a Nigerian citizen committed fraud and transferred more than $1.86 million into Tornado Cash shortly after the platform launched on February 20th. A member of the CertiK team told Cryptooshala that the scammer changed details of a smart contract, which led to funds being drained from Hope Finance’s genesis protocol:
“It looks like the scammer modified the TradingHelper contract, which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool, the funds are transferred to the scammer.”
According to a February 13 tweet, the Hope Finance smart contract has been verified by a Cognitos official. Cryptooshala reviewed an audit summary that notes two major vulnerabilities in the contract function.
These included an incorrect modifier and the possibility of repeated attacks. Despite flagging these vulnerabilities, Cognitos concluded that the smart contract code had been successfully audited.
Following the scam, Hope Finance shared information with users on how to withdraw staked liquidity from the protocol using the emergency withdrawal feature.
Steps to get your staked LP out of this fucking scam protocol
1. Follow this link https://t.co/HjuvQyxbUX
2. connect your wallet
3. click on emergency withdraw
Enter 000000000000000000000000000000000000000000000000000000000000000002 pic.twitter.com/5RxtgKXgoo
— Hope Finance (@Hope_fin) February 21, 2023
Arbitrum is an Ethereum layer-2 rollup network that enables exponential scaling of smart contracts. Together with Optimism, the two layer-2 protocols continue to handle a growing number of transactions in the Ethereum ecosystem.
Credit : cointelegraph.com