Decoding Kokomo Finance $4 Million Rug Pull | QuillAudits

Oh, Kokomo Finance? Just another day in the world of cryptocurrency, I suppose.

On March 26, 2023, Kokomo Finance executed an exit scam (Rug Pull) and took $4 million of user funds. They immediately deleted both their website and all of their social media profiles following the scam.

Vulnerability Analysis & Impact:

On-chain Details:

Deployer Address: 0x41be327a34d5d2f0855ff7e4fb3f6f1748b3310f

Deploying a malicious contract txn:
0xf0b6d4790db47c66e1cf9b9ea0a1fa8fda3b8952e0a78d722f353edf44146eef

Setting Implementation txn: 0xd751d8b98a1720b72e516fc8f8d47a076a60b08013be101f280cf1b728b6f20b

Swapping for 141 BTC: 0x6c6095addf69f5e37d4057f1c58b9c2098ad4c181aa21b8a54c2f66acf3dd3ce
0x34d0c08244df664f4520e4b8656c24dd4dd134c095599028c1f07097a7a6beaf

Exit Scam Steps:

• Kokomo Finance’s deployer deployed contract 0x05b295 for cBTC, then used the _setRewardSpeed function to change the reward and suspend borrowing for any users. They changed the implementation contract into a malicious one that they had deployed earlier.

• Then the address 0x5a2d approved the cBTC contract to spend 7010 sonne WBTC.

• The attacker transferred sonne WBTC to address 0x5C8d by calling 0x804edaad method. EOA 0x5C8d redeemed 7,010 Sonne WBTC for a profit of 141.7 WBTC ( Around $4 Million).

After the Incident:

After the hack, they quickly deleted their website and social media accounts, including Twitter, GitHub, and Medium.

Price Impact:

Following the Rugpull, the token’s worth plummeted. See here.

There are still almost $2 million worth of coins in the project’s pools of optimism.

Status of Funds:

The stolen funds are now held at four addresses:

Conclusion:

This occurrence highlights the risks that are associated with cryptocurrency investments, and it serves as a reminder that investors must exercise caution when dealing with digital assets.

Web3 security- Need of the hour

Why QuillAudits for Web3 Security?
QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions, saving the loss of millions in funds.

Want more Such Security Blogs & Reports?

Connect with QuillAudits on:
Linkedin | Twitter | Website | Newsletter | Discord | Telegram

New to trading? Try crypto trading bots or copy trading on best crypto exchanges

Join Coinmonks Telegram Channel and Youtube Channel get daily Crypto News

Also, Read

• Free Crypto Signals | Crypto Trading Bots
• An ultimate guide to Leveraged Token
• 16 Best Folding Electric Bikes
• 28 Best Electric Bikes Review
• Top 3 Binance Futures Trading Bots