Arbitrum-based Chibi Finance rug pulled its users for roughly $1 million on June 27 via a malicious contract, according to blockchain security firm CertiK.
The project’s native token — CHIBI — has crashed almost 99% in value as of press time. This is the 12th Arbitrum project to scam its users in the last six months.
Chibi Finance deleted its Twitter account and other web presence following the rug pull. The scammer stole 256,012.95 USDC, 94.67 WETH, 4.25520843 WBTC, 115,049 USDT, and 89,563.95 ARB in total.
The scammer swapped the stolen funds to roughly 555 ETH and subsequently bridged them to Ethereum.
All of the stolen funds have been moved to the Tornado Cash mixer as of press time.
The exploit
According to CertiK, the Chibi Finance deployer initiated the exploit by creating a malicious contract through “EOA 0x80c1ca8f002744a3b22ac5ba6ffc4dc0deda58e3” — which was initially funded via a 10 ETH withdrawal on Tornado Cash.
The Chibi deployer then gave the malicious contract — the “_gov” role — essentially the same as admin privileges on a computer network.
This enabled the contract to execute the “panic” function on the protocol, which allowed it to emergency withdraw all funds from Chibi contracts.
The contract then moved the stolen crypto back to the EOA address.
Aftermath
Chibi Finance claimed to be a “yield-optimizer” protocol that allowed users to deposit funds and earn rewards in the form of the CHIBI token.
The project claimed to be audited by blockchain security firm SolidProof — however, since the website has been taken down CryptoSlate was unable to verify the veracity of these claims.
SolidProof did not respond to request for comment as of press time.
The project also engaged a number of crypto influencers to promote it and build hype in the community. These promotions were ongoing as recently as last week.
However, following the rug pull, most influencers who had been promoting the project have deleted the tweets and posts associated with Chibi Finance without an explanation.
The post Chibi Finance becomes 12th Arbitrum-based protocol to rug users in 2023 appeared first on CryptoSlate.