In a stunning turn of events, Coinbase’s Layer 2 Base has been thrust into the spotlight again due to a double whammy of rugpull incidents that have left investors reeling. The Layer 2 blockchain project, which has recently captured attention with its mainnet launch, was hit not once but twice by rug pull exploits that shook the decentralized finance (DeFi) ecosystem.
According to a recent report, the first blow came when the eagerly anticipated mainnet launch of Coinbase’s Layer 2 Base was marred by an unexpected setback. The project, steadily gaining traction among market participants, was blindsided by a rugpull orchestrated through a DEX named LeetSwap. The malevolent actor behind this exploits targeted a meme coin known as BALD, leading to a loss of assets for users who had bridged their holdings to the BALD liquidity pool. Despite LeetSwap’s valiant efforts to salvage some of the funds, the damage was already done.
Just when it seemed the storm had passed, another tempest descended upon the Layer 2 Base community. This time, the victim was SwirlLend, a DeFi lending protocol operating on the same Layer 2 chain. Experts in blockchain security at PeckShield sounded the alarm, revealing that SwirlLend had fallen victim to a rugpull maneuver, significantly depleting locked assets. Once boasting a substantial value of $784,300, the protocol was left with a mere $49,200, painting a grim picture of the aftermath.
Update: SwirlLend rugged both on #Base and #Linea. The scammer has already bridged ~94 $ETH from #Linea to #Ethereum via Orbiter Finance: Bridge and and is currently in the process of transferring the stolen funds from #Base to #Ethereum
— PeckShieldAlert (@PeckShieldAlert) August 16, 2023
The current balance of the scammer's… pic.twitter.com/zexiNuFVhs
As the situation calms down, the full scope of the harm becomes evident. The breach spared no valuable Ether and USDC tokens, as the wrongdoer transferred $289,500 worth of these assets from Coinbase’s Base to the Ethereum blockchain. The malicious actor made off with 140.68 ETH and 32,600 USDC tokens, while an extra 92 Ether remains locked on the Base chain, compounding the already substantial losses.
In a baffling and audacious move, the exploit’s mastermind erased SwirlLend’s presence from social media platforms, severing all means of communication. Attempts to reach out to SwirlLend for comments have thus far proven futile, leaving investors uncertain and dismayed. The project’s digital footprint, including accounts on platforms like Twitter, Telegram, Discord, and GitHub, has been meticulously wiped out, exacerbating the frustration of those affected.
