Share this article
Defrost Finance Hacked in Attack Some Say May Have Been a Rug Pull
The total value of funds locked on the protocol had dropped to less $93,000 on Sunday from about $13 million, Defi Llama data shows.
Updated Apr 9, 2024, 11:04 p.m. Published Dec 25, 2022, 9:50 p.m.
Decentralized-finance protocol Defrost Finance said it was hacked on Friday, though blockchain security firm PeckShield, citing “community intel,” said the exploit may have been a rug pull that made off with $12 million and Certik, another security company, said it had been unable to contact members of the team.
In a tweet thread posted on Sunday, the Defrost team said a first attack used a flash loan to drain funds out of its V2 product. A second larger attack used the owner key to exploit V1. The protocol, which offers leveraged trading on the Avalanche blockchain, didn’t say how much had been taken.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
1/4 The Defrost team has been working around the clock to find out more details concerning the events of the past 48 hours.
— Defrost Finance 🔺 (@Defrost_Finance) December 25, 2022
A thread ⬇️
PeckShield’s analysis showed the attack used a fake collateral token together with manipulated pricing.
A rug pull, or exit scam, can occur when developers create and establish a liquidity pool and then remove the funds and disappear after investors have bought the related token. The total value of funds locked on Defrost Finance, which peaked at $95 million in February, was about $13 million in recent weeks, Defi Llama data shows. That dropped to less than $93,000 on Sunday.
If the attack is a rug pull, it's an unusual one. Usually, the team behind the scheme goes silent and can't be contacted. Defrost Finance, however, announced the attack and said in a tweet that it's willing to negotiate with the people responsible for a return of the funds.
Still, an attempt to reach the firm through Twitter failed because direct messages have been disabled on the account. Certik tweeted on Monday that it tried "to contact multiple members of the team but have had no response." An accompanying graphic said it confirmed DeFrost as an exit scam.
DeFiYield, which offers a security layer for smart contracts to help investors avoid getting scammed or hacked, said it conducted an audit of Defrost Finance a year ago, and highlighted the smart contract vulnerability used in the hack.
⚡️ We have warned DeFi Community about the smart contract vulnerability @Defrost_Finance used to rug pull its users.
— De.Fi Antivirus Web3 🛡️ (@De_FiSecurity) December 25, 2022
1 year ago we performed an audit on Defrost.
Audit link: https://t.co/u2JBm7zAq8
Don't wanna get scammed in Crypto?
Follow DeFiYield Audits! 🚨 https://t.co/4Osx19KE0f pic.twitter.com/eIgx3rFn69
Last year, crypto investors lost over $2.8 billion to rug pulls, according to a report by Chainalysis. Rug pulls accounted for 37% of the over $7.7 billion in total illicit revenue from crypto scams that year. The 2022 figure is likely to be higher: A report from blockchain risk-monitoring firm Solidus Labs shows that fraudsters deployed more than 117,000 scam tokens through Dec. 1, 41% more than in all of 2021.
See also: 5 Social Media Crypto Scams to Avoid
UPDATE (Dec. 26, 10:04 UTC): Adds tweet comment from security auditor Certik in first, sixth paragraphs.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Pye Finance Raises $5M Seed Round Led by Variant and Coinbase Ventures
The platform aims to make locked Solana staking positions tradable via an onchain marketplace.
What to know:
- Pye Finance raised a $5 million seed round led by Variant and Coinbase Ventures, with participation from Solana Labs, Nascent and Gemini.
- The startup is building an onchain marketplace on Solana for time-locked staking positions that can be traded.
- Pye says the product targets Solana’s large pool of staked SOL, worth roughly $75 billion, and aims to give validators and stakers more flexibility over terms and reward flows.
Top Stories
