Hope Finance recently announced that it had been the victim of a $1.86 million theft. The project Tomb-fork, situated in Arbitrum, purportedly sent a tweet mentioning that the perpetrator is apparently a team member. According to trustworthy sources, it is also believed that the theft was committed using fake Know Your Customer (KYC) information.
Abandon Hope all ye who enter here.
$1.86M was rugged from @Hope_fin.
Although the alleged culprit has been doxxed, it’s unlikely that whoever is responsible will ever be brought to justice…
Don’t get your Hopes up.https://t.co/WEnurN52hR pic.twitter.com/qB6eXJNLz0
— rekt (@RektHQ) February 22, 2023
The officer who divulged all of this information did not hesitate to make the accusation. He also sent an official notice to all of their connected users telling them how to use the emergency withdrawal feature to get their money back. Though this may be the formal statement put out regarding a developer being responsible for the theft, it also happens to be a fact that the tx that was involved in the preparation of the rug had the approval of all three accounts that happened to be on the team’s multisig. The theft included $800,000 from WETH and $1 million from USDC.
In order to carry out the theft, a false router happened to have been positioned at txn 0xf188. Following this, an update was carried out on the SwapHelper for the utilization of the false router in txn 0xc9ee. Incidentally, the txn was passed by all three owners of multisig 0x8ebd of Hope. In place of swapping, the USDC was forwarded to Ox957D. In this scenario, the received USDC was exchanged for ETH, resulting in 1095 ETH. Following that, it was linked to Ethereum with the help of Celer, after which it was forwarded to Tornado Cash.
An audit had been conducted on the project before its launch by Cognitos and AuditRateTech. At the present moment in time, however, the entire situation is extremely hazy and uncertain.
Source: https://www.cryptonewsz.com/hope-finance-announces-theft-of-1-86m-usd/