{"id":554563,"date":"2023-02-21T13:15:36","date_gmt":"2023-02-21T10:15:36","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/hope-finance-exploit-results-in-2m-stolen-from-users-funds\/"},"modified":"2023-02-21T13:15:36","modified_gmt":"2023-02-21T10:15:36","slug":"hope-finance-exploit-results-in-2m-stolen-from-users-funds","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hope-finance-exploit-results-in-2m-stolen-from-users-funds\/","title":{"rendered":"# Hope Finance exploit results in $2M stolen from users&#8217; funds"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3056b1e734c\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3056b1e734c\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/hope-finance-exploit-results-in-2m-stolen-from-users-funds\/#%E2%80%9D_Hope_Finance_exploit_results_in_2M_stolen_from_users_funds_%E2%80%9C\" >&#8221; Hope Finance exploit results in $2M stolen from users&#8217; funds &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Hope_Finance_exploit_results_in_2M_stolen_from_users_funds_%E2%80%9C\"><\/span>&#8221; Hope Finance exploit results in $2M stolen from users&#8217; funds &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-48054ca8>Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left out of pocket following a $2 million exploit.<\/p>\n<p>Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> account notifying users that they had been scammed. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/CommunityAlert?src=hash&amp;ref_src=twsrc%5Etfw\">#CommunityAlert<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Hope_fin?ref_src=twsrc%5Etfw\">@hope_fin<\/a> have announced the community has been scammed for ~$2m making this the largest <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/exitscam?src=hash&amp;ref_src=twsrc%5Etfw\">#exitscam<\/a> on Arbitrum in 2023.<\/p>\n<p>$1.86m was transferred to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/TornadoCash?ref_src=twsrc%5Etfw\">@TornadoCash<\/a>.<\/p>\n<p>Hope_fin have posted steps for user&#8217;s to withdraw their staked LP<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/hJbFXiKujt\">https:\/\/t.co\/hJbFXiKujt<\/a><\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CertiKAlert\/status\/1627950776579420163?ref_src=twsrc%5Etfw\">February 21, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>Details of the project are difficult to come by. The platform\u2019s Twitter account was launched in January 2023 and outlined plans for an algorithmic stablecoin called $HOPE which dynamically adjusts its supply relative to the price of ETH.<\/p>\n<p>Posts on the account allege that a Nigerian national had executed the scam and had transferred over $1.86 million to Tornado Cash shortly after the platform went live on Feb. 20.\u00a0A member of the CertiK team told Cointelegraph that the scammer had changed details of the smart contract which led to funds being drained from Hope Finance genesis protocol:<\/p>\n<blockquote><p>\u201cIt <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears that the scammer changed the TradingHelper contract which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool the funds are transferred to the scammer.\u201d<\/p><\/blockquote>\n<p>According to a Tweet dated Feb. 13, the Hope Finance smart contract was audited by a Cognitos Audit official. Cointelegraph <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cognitos.io\/hopefinance-farmingcontract-audit\">reviewed<\/a> the audit summary, which flagged two major contract function vulnerabilities.\u00a0<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/f2492ac1-47ce-4cb0-aa35-073a0c64c0fa.png\"><figcaption style=\"text-align: center;\">Source: Cognitos Audit of Hope Finance&#8217;s smart contract.<\/figcaption><\/figure>\n<p>This included an incorrect modifier and the possibility for reentrancy attacks. Despite flagging these vulnerabilities, Cognitos found that the smart contract code had passed the audit successfully. <\/p>\n<p>Following the scam, Hope Finance shared information with users to withdraw staked liquidity from the protocol through an emergency withdrawal function.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Steps to withdraw your staked LP from the this fucking scam protocol<\/p>\n<p>1. Go on this link<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/HjuvQyxbUX\">https:\/\/t.co\/HjuvQyxbUX<\/a><\/p>\n<p>2. connect your wallet<br \/>3. click on emergency withdraw<\/p>\n<p>Enter 0000000000000000000000000000000000000000000000000000000000000002 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/5RxtgKXgoo\">pic.twitter.com\/5RxtgKXgoo<\/a><\/p>\n<p>\u2014 Hope Finance (,) (@Hope_fin) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Hope_fin\/status\/1627941848206516224?ref_src=twsrc%5Etfw\">February 21, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Arbitrum is an Ethereum layer 2 roll-up network that is aimed at enabling exponential scaling of smart contracts.\u00a0Alongside Optimism, the two layer-2 protocols continue to handle an increasing amount of transactions within the Ethereum ecosystem.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/hope-finance-exploit-results-in-2m-stolen-from-users-funds\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Hope Finance exploit results in $2M stolen from users&#8217; funds &#8220; Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left out of pocket following a $2 million exploit. Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance Twitter account notifying users that they&#8230;<\/p>\n","protected":false},"author":1,"featured_media":554564,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/ad0fecc4-1f3c-48ac-8c39-848bddf2d6a1.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[133065,74894,74868,74882,70944,71101],"class_list":["post-554563","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-arbitrum","tag-blockchain","tag-defi","tag-hacks","tag-hackers","tag-scams"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/554563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=554563"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/554563\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/554564"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=554563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=554563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=554563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}