Blueberry DeFi Protocol Suspends Lending Services After $1.3M Exploit

Blueberry managed to suspend its lending services shortly after suffering an exploit that led to over $1.3 million worth of Ether being drained from the DeFi protocol.

In an X post published on February 23, the Blueberry Protocol Foundation announced that it was currently experiencing an “ongoing exploit” and recommended users to withdraw their funds from Blueberry lending markets while the foundation worked on halting the protocol.

Further details of the exploit:

All of the drained funds were front run by @ coffeebabe_eth (not real twitter, not on socials) and are now safe in the Blueberry multisig, less the validator payment.

The team is in contact with security and comms professionals and will attempt…

— Blueberry Protocol Foundation 🫐🫐 (@blueberryFDN) February 23, 2024

Blueberry Suffers Attack

Shortly after Blueberry’s initial post, users reported having issues with withdrawal, leading the protocol to note that its front end was also down.

“The front end is also down, so if you are able to interact directly with the contracts to withdraw, please do,” Blueberry said in a separate X post.

The website and app went offline briefly, with both noting that “a client-side exception has occurred.”

Approximately 30 minutes later, Blueberry confirmed that it had successfully suspended the protocol. Its website has been restored and is currently fully operational.

An additional update from the protocol stated that all of the drained funds had been front-run by white hat hacker c0ffeebabe.eth and are now resting safely in the Blueberry multisig. A total of 457 ETH (~$1.34 million) was initially drained, but 366 ETH (~$1.07 million) was rescued by c0ffeebabe.eth and returned to the multisig wallet, the team noted.

“Deposited funds are currently safe,” Blueberry said. “Only three markets were affected and the large majority was already returned. Total validator payment (loss) is 91 ETH. We are getting in touch and aim for a full repayment to users as the goal. Protocol is paused.”

The Blueberry Protocol

The Blueberry Protocol is a decentralized lending market that facilitates lending and leveraged borrowing with the ability to go up to 20 times the value of the collateral.

According to DefiLlama, the protocol had a total value locked (TVL) of $4.5 million before the incident. Its TVL has now fallen to $3.11 million after the exploit attempt.

On February 22, Blueberry released a “security overview,” saying that its approach to development and risk mitigation prioritizes security from the outset to prevent any internal risks arising from protocol activity.

The protocol also said that it underwent audits by Hacken and Sherlock who conducted two independent token security audits. However, the tweet promoting the “security review” is no longer visible on Blueberry’s X feed.