QI Quadriga Initiative

Oct 2024 - Base Blockchain Unverified Compound Fork Lending Exploited - $1m (Global)

"Base is a secure, low-cost, developer-friendly Ethereum L2 built to bring the next billion users to web3."

"Secured by Ethereum: Base is built with the security and scalability you need to power your decentralized apps. It leverages the underlying security of Ethereum, along with Coinbase’s best practices, to enable you to confidently onramp into Base from Coinbase, Ethereum L1, and other interoperable chains.

Empowered by Coinbase: Base makes it easy to build decentralized apps with access to Coinbase’s products, users, and tools. Seamless Coinbase product integrations, easy fiat onramps, and powerful acquisition tools enable developers to serve the 110M+ verified users and to access $80B assets on platform in the Coinbase ecosystem.

Big features, small fees: Base offers full EVM equivalence at a fraction of the cost and is committed to pushing forward the developer platform. Set up gasless transactions for your dapps with easy developer APIs for account abstraction, and securely build multichain applications with easy-to-use bridges.

Open source: Base aims to be decentralized, permissionless, and open to anyone with the vision of creating a standard, modular, rollup agnostic Superchain powered by Optimism. We’re joining Optimism as a Core Dev on the open source OP Stack, and working to create a thriving community of other developers."

"ALERT! Our system has detected a suspicious transaction targeting an unknown project on #Base, resulting in a loss of approximately $1M. The affected project appears to be a #Compound fork, with multiple markets being drained. As the contracts are not open-source, we suspect this may be a classic price manipulation attack caused by reliance on Uniswap's spot price."

Further Analysis

An unidentified smart contract on the Base Blockchain (which was originally derived from the Compound Finance protocol) was exploited through a price manipulation exploit. In total, $1m USD with of funds were lost. There is no clarity as to whether this protocol had a given name or how the development team may be assiting any affected users.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

Aark Digital Incorrect Balance Update Exploit > > < < Bitfinex Proceeds US Government Controlled Wallets Breached

Sources/Further Reading

Base Transaction Hash (Txhash) Details | BaseScan (Dec 31)
@Phalcon_xyz Twitter (Dec 31)
DeFiHackLabs/src/test/2024-10/CompoundFork_exploit.sol at main · SunWeb3Sec/DeFiHackLabs · GitHub (Dec 31)
Base (Dec 31)
https://www.coinbase.com/en-ca/blog/introducing-base (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.