Optimism-based lending protocol Kokomo Finance has been suspected of a $4 million “exit scam” that has seen user funds plucked from the platform via a smart contract loophole. Blockchain security firm CertiK alerted its followers to the “exit scam” in a March 26 tweet, noting that the Kokomo Finance (KOKO) token had plummeted 95% in value in a matter of minutes. CertiK also noted that Kokomo Finance removed all social media accounts immediately following the alleged rug pull too. CertiK said the deployer of KOKO attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function. After that, an address beginning with “0x5a2d..” approved the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then called another command to swap the So-WBTC to the 0x5a2d address, which produced a $4 million profit, according to the security firm. The attacker then called another command to swap the So-WBTC to the 0x5a2d address, which produced a $4 million profit, according to the security firm.
Full story : $4M ‘exit scam’ suspected as Kokomo Finance flies off radar, token plunges.
