Kokomo Finance, an open-source and non-custodial lending protocol on Optimism, conducted an exit scam and stole approximately $4 million in user funds, according to a tweet from blockchain security firm CertiK.
The deployer of KOKO Token, address 0x41BE, allegedly deployed an attack contract for cBTC, setting the reward speed, pausing the borrow function, and setting the implementation contract into a malicious one.
Address 0x5a2d then approved the cBTC contract to spend the 7010 Sonne Wrapped Bitcoin (So-WBTC), which were then transferred to address 0x5C8d. Finally, the address 0x5C8d swapped the 7010 So-WBTC to 141 WBTC, resulting in the $4 million profit.
Kokomo Finance’s rapid rise in popularity in recent days, with blockchain data platforms like CoinGecko and DefiLlama tracking it shortly after it went live on Optimism on March 25, made it a prime target for exit scams.
In the fraudulent activity known as an exit scam, dishonest people promote and/or operate a false cryptocurrency organization, and then disappear after they have amassed a sufficient amount of money for themselves. The rug pull is a popular sort of exit scam in which con artists advertise a project and then quit it once they have filled their pockets with money from the scheme.
The prevention of exit scams may be challenging; nonetheless, the success of many of these assaults depends on the victim making a mistake. It is possible to steer clear of them if one is diligent and has the necessary information.
Exit scams have become increasingly prevalent in the crypto industry, with new schemes seemingly popping up every day. The incident with Kokomo Finance underscores the need for greater vigilance and regulation in the crypto industry to protect investors from fraudulent schemes.