Blueberry halts lending operations amidst exploit discovery

The Blueberry decentralized finance (DeFi) protocol has taken decisive action by pausing its lending and leverage operations following the detection of a mysterious exploit. The protocol swiftly urged users to withdraw their funds from Blueberry lending markets upon uncovering the exploit, striving to mitigate potential damage.

In a post dated February 23 on X (deleted now), the Blueberry Protocol Foundation disclosed the ongoing exploit and advised users to withdraw their funds promptly while efforts were made to halt the protocol. Amidst the chaos, users encountered difficulties with fund withdrawals, exacerbated by the unavailability of the front end. 

The website and app experienced a brief outage, displaying an application error message: “A client-side exception has occurred.”

Approximately 30 minutes later, Blueberry confirmed the successful pause of the protocol, with the website subsequently restored. 

Further updates from Blueberry revealed that the drained funds had been preemptively secured by c0ffeebabe.eth and transferred to the Blueberry multisig wallet. 

Although 457 Ether was initially drained, the white hat managed to salvage 366 ETH and return it to the multisignature wallet. 

The protocol team assured users of the safety of deposited funds, with only three markets affected and the majority of funds already recovered.

Blueberry protocol, facilitating decentralized lending and leveraged borrowing up to 20x collateral value, boasted a total value locked (TVL) of $4.5 million, according to DefiLlama. However, this figure decreased to $3.15 million following the exploit.

Source: DeFiLlama

c0ffeebabe.eth gained prominence for returning approximately 2,879 ETH, valued at around $5.4 million, to the DeFi protocol Curve Finance amidst a hack in July 2023.

 

Ironically, Blueberry had published a “security overview” on February 22, emphasizing its commitment to a security-first approach and risk mitigation (deleted now). 

The protocol claimed to have undergone audits by Hacken and Sherlock, along with two independent token security audits. However, the tweet promoting the security review has since been removed from Blueberry’s X feed.

 

Rate this article
( No ratings yet )
Chainspot News