Kokomo Finance Lending Protocol Exit Scam: Difference between revisions
(Adding in CoinTelegraph article and summary.) |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/kokomofinancelendingprotocolexitscam.php}} | {{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/kokomofinancelendingprotocolexitscam.php}}[[File:Kokomofinance.jpg|thumb|Kokomo Finance Promotion]]Kokomo Finance was a newly launched open-source and non-custodial lending protocol built on Optimism and Arbitrum. It allowed users to lend and borrow digital assets, and its token KOKO had a 14-day genesis mining program. The protocol's audit, conducted by 0xGuard, only covered the token contract, not the entire protocol. Within a week of its launch, the protocol was exploited, resulting in the loss of around $4M, and the project's website, Twitter, GitHub, and Medium accounts were deleted. The attacker targeted the wrapped Bitcoin deposits, and even though $2M of tokens still remain in the project's pools on Optimism, the contracts are paused, and users can't withdraw funds. Kokomo Finance is unlikely to recover. | ||
<ref name="comparitech-10032" /> | |||
== About Kokomo Finance == | |||
<ref name="defillama-10779" /><ref name="kokomofinancearchive-10802" /><ref name="kokomofinancegithubarchive-10803" /><ref name="kokomofinancetwitterarchive-10804" /> | |||
"Kokomo Finance [was] an open source and non-custodial lending protocol on Optimism and Arbitrum." | "Kokomo Finance [was] an open source and non-custodial lending protocol on Optimism and Arbitrum." | ||
| Line 55: | Line 54: | ||
* Anything that wasn't reasonably knowable at the time of the event. | * Anything that wasn't reasonably knowable at the time of the event. | ||
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page. | There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page. | ||
=== Two Audits By 0xGuard === | |||
The Kokomo Finance protocol was audited twice by the 0xGuard firm<ref name=":0">[https://github.com/0xGuard-com/audit-reports/blob/master/Kokomo%20Finance%20Token/Kokomo%20Finance%20Token.pdf Kokomo Finance Second Audit - 0xGuard] (May 17, 2023)</ref>. | |||
== The Reality == | == The Reality == | ||
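Review bot: The new "Two Audits By 0xGuard" sentence says the protocol was audited twice, but its only citation is the "Kokomo Finance Token" report, and the summary added at Line 1 says the 0xGuard audit covered only the token contract, not the entire protocol. Suggest wording this as two audit reports on the token contract, or citing a report whose scope includes the lending contracts, so the section does not overstate what was reviewed.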
| Line 71: | Line 73: | ||
!Event | !Event | ||
!Description | !Description | ||
|- | |||
|March 13th, 2023 2:21:00 AM MDT | |||
|Promotion on Twitter Started | |||
|The Kokomo Finance scheme is starting to be promoted on Twitter<ref name="sidenzgiwtwitter-10789" /><ref name="ohhellohanatwitter-10788" /><ref name="happykiyowokaytwitter-10792" /><ref name="moemoeatwitter-10785" /><ref name="pamungkhaztwitter-10793" /><ref name="solaceyfeelstwitter-10787" /><ref name="ro2noazerotwitter-10791" />. | |||
|- | |||
|March 14th, 2023 3:28:00 AM MDT | |||
|Promotion Still Underway | |||
|The Kokomo Finance scheme is still under heavy promotion via Twitter<ref name="semqngattwitter-10797" /><ref name="leehc0xtwitter-10798" /><ref name="pirotreborntwitter-10799" />. | |||
|- | |- | ||
|March 14th, 2023 12:25:04 PM MDT | |March 14th, 2023 12:25:04 PM MDT | ||
|Domain Pending Registration | |Domain Pending Registration | ||
|The kokomo.finance website shows that the domain is still pending WHOIS contact verification<ref name="kokomofinancearchive-10805" />. | |The kokomo.finance website shows that the domain is still pending WHOIS contact verification<ref name="kokomofinancearchive-10805" />. | ||
|- | |||
|March 17th, 2023 12:21:00 AM MDT | |||
|0xGuard Audit Started | |||
|Audit firm 0xGuard announces that they've started an audit of the Kokomo Finance protocol<ref name="0xguardtwitter-10794" />. | |||
|- | |||
|March 22nd, 2023 12:53:00 AM MDT | |||
|Second 0xGuard Audit Published | |||
|Audit firm 0xGuard publishes a second audit on Twitter<ref name="0xguardtwitter-10795" />.<ref name=":0" /> | |||
|- | |||
|March 22nd, 2023 9:28:00 AM MDT | |||
|Listed On List of New Projects | |||
|Kokomo Finance is included in a list of newly launched blockchain projects<ref name="c4dotggtwitter-10784" />. | |||
|- | |||
|March 23rd, 2023 7:07:00 AM MDT | |||
|Optimism Space Tweet | |||
|Optimism Space tweets about the protocol<ref name="optimismspacetwitterarchive-10780" />. | |||
|- | |||
|March 23rd, 2023 10:05:00 AM MDT | |||
|DefiLlama Promotion on Twitter | |||
|DefiLlama announces they are now tracking Kokomo Finance<ref name="defillamatwitter-10782" />. | |||
|- | |||
|March 25th, 2023 12:36:00 AM MDT | |||
|CryptoLeeY Promotion Tweet | |||
|CryptoLeeY publishes an analysis of the Kokomo Finance protocol<ref name="cryptoleeytwitter-10786" />. TBD expand and get the information out. | |||
|- | |||
|March 25th, 2023 1:34:00 AM MDT | |||
|Optimism Economy Promotion | |||
|The Optimism Economy Tweets about the Kokomo Finance project, an open-source and non-custodial lending protocol<ref name="optimismeconomytwitter-10790" />. | |||
|- | |||
|March 25th, 2023 4:07:00 AM MDT | |||
|Kokomo Finance Lists on CoinGecko | |||
|The Kokomo Finance KOKO coin is listed on CoinGecko<ref name="cryptonotifybottwitter-10796" />. | |||
|- | |- | ||
|March 26th, 2023 9:58:05 AM MDT | |March 26th, 2023 9:58:05 AM MDT | ||
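Review bot: The CryptoLeeY row ends with "TBD expand and get the information out.", an editing note that will render in the published timeline. Suggest either filling in what the cited thread said or dropping the note before saving. The promotion rows also describe the project as a "scheme" for events dated before the loss, which the About template on this page asks editors to avoid for material knowable at the time.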
| Line 80: | Line 122: | ||
|The blockchain transaction to remove liquidity from the smart contract<ref name="optimistic-10781" />. | |The blockchain transaction to remove liquidity from the smart contract<ref name="optimistic-10781" />. | ||
|- | |- | ||
|March 26th, 2023 11: | |March 26th, 2023 2:43:00 PM MDT | ||
|UnoIntern Announcement | |||
|Twitter user UnoIntern reports about the rug pull happening<ref name="unointerntwitter-10783" />. | |||
|- | |||
|March 26th, 2023 11:33:48 PM MDT | |||
|CoinTelegraph Article | |CoinTelegraph Article | ||
|CoinTelegraph posts an article on the situation<ref name="cointelegraphtwitter-10800" />. Optimism-based lending protocol Kokomo Finance is suspected of carrying out a $4 million "exit scam" after its social media and website went offline, while the price of its KOKO token fell by over 95% in a matter of minutes. Security firm CertiK alerted its followers to the alleged scam in a tweet, noting that the KOKO token plummeted in value. CertiK said that the deployer of KOKO attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function, before approving the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then swapped the So-WBTC to another address, producing a $4 million profit. Kokomo Finance's smart contract audit passed most aspects, but had typographical errors and the owner of the KOKO token had the ability to mint 45% of the maximum supply to an arbitrary address<ref>[https://cointelegraph.com/news/4m-exit-scam-suspected-as-kokomo-finance-flies-off-radar-token-plunges $4M ‘exit scam’ suspected as Kokomo Finance flies off radar, token plunges - CoinTelegraph] (May 3, 2023)</ref>. | |CoinTelegraph posts an article on the situation<ref name="cointelegraphtwitter-10800" />. Optimism-based lending protocol Kokomo Finance is suspected of carrying out a $4 million "exit scam" after its social media and website went offline, while the price of its KOKO token fell by over 95% in a matter of minutes. Security firm CertiK alerted its followers to the alleged scam in a tweet, noting that the KOKO token plummeted in value. CertiK said that the deployer of KOKO attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function, before approving the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then swapped the So-WBTC to another address, producing a $4 million profit. 
Kokomo Finance's smart contract audit passed most aspects, but had typographical errors and the owner of the KOKO token had the ability to mint 45% of the maximum supply to an arbitrary address<ref>[https://cointelegraph.com/news/4m-exit-scam-suspected-as-kokomo-finance-flies-off-radar-token-plunges $4M ‘exit scam’ suspected as Kokomo Finance flies off radar, token plunges - CoinTelegraph] (May 3, 2023)</ref>. | ||
|- | |||
|March 27th, 2023 9:24:32 AM MDT | |||
|YouTube Video | |||
|A YouTube video about the crash is posted<ref name="youtube-10778" />. | |||
|- | |- | ||
|March 27th, 2023 2:12:00 PM MDT | |March 27th, 2023 2:12:00 PM MDT | ||
|RektHQ Article Posted | |RektHQ Article Posted | ||
|The situation is posted on RektHQ<ref>[https://twitter.com/RektHQ/status/1640446779496734723 RektHQ - "Another week, another rug. This time, @KokomoFinance took off with $4M, before deleting their online presence." - Twitter] (May 3, 2023)</ref>. Kokomo Finance, a lending protocol built on Optimism, has reportedly rug-pulled, leaving with $4 million in stolen wrapped Bitcoin deposits. The protocol had launched less than a week ago, and its token, KOKO, had been introduced 36 hours before the rug pull. The project deleted its website, Twitter, GitHub and Medium in the process. Wrapped Bitcoin deposits were stolen through changes made by the project’s deployer address. Despite almost $2 million of tokens remaining in the project’s pools on Optimism, the contracts have been paused, and users cannot withdraw funds. The incident is the largest to date to affect Optimism, leading to questions about whether this incident signals a changing tide amongst Ethereum’s most popular scaling solutions<ref name="rektnews-10776" />. | |The situation is posted on RektHQ<ref>[https://twitter.com/RektHQ/status/1640446779496734723 RektHQ - "Another week, another rug. This time, @KokomoFinance took off with $4M, before deleting their online presence." - Twitter] (May 3, 2023)</ref>. Kokomo Finance, a lending protocol built on Optimism, has reportedly rug-pulled, leaving with $4 million in stolen wrapped Bitcoin deposits. The protocol had launched less than a week ago, and its token, KOKO, had been introduced 36 hours before the rug pull. The project deleted its website, Twitter, GitHub and Medium in the process. Wrapped Bitcoin deposits were stolen through changes made by the project’s deployer address. Despite almost $2 million of tokens remaining in the project’s pools on Optimism, the contracts have been paused, and users cannot withdraw funds. 
The incident is the largest to date to affect Optimism, leading to questions about whether this incident signals a changing tide amongst Ethereum’s most popular scaling solutions<ref name="rektnews-10776" />. | ||
|- | |||
|March 30th, 2023 1:59:31 AM MDT | |||
|CoinMonks Article Published | |||
|CoinMonks publishes an article about the situation<ref name="coinmonksmedium-10777" />. TBD more details. | |||
|} | |} | ||
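Review bot: The CoinTelegraph row cites the article through an inline unnamed ref, while the reference list already defines the same URL as "cointelegraph-10801". Reusing the named ref would avoid a duplicate footnote. The CoinMonks row also carries "TBD more details." into the rendered table, and the row summary says the deployer "attacked the smart contract code" of cBTC, which is less precise than the quoted CertiK steps elsewhere on the page (the deployer deployed cBTC and changed the implementation contract).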
| Line 111: | Line 165: | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== Individual Prevention Policies == | == Individual Prevention Policies == | ||
{{Prevention: | {{Prevention:Individual:Avoid Using Smart Contracts}} | ||
{{Prevention:Individuals:End}} | {{Prevention:Individuals:End}} | ||
== Platform Prevention Policies == | == Platform Prevention Policies == | ||
{{Prevention:Platforms: | {{Prevention:Platforms:Regular Audit Procedures}} | ||
{{Prevention:Platforms:End}} | {{Prevention:Platforms:End}} | ||
== Regulatory Prevention Policies == | == Regulatory Prevention Policies == | ||
{{Prevention:Regulators: | {{Prevention:Regulators:Platform Security Assessments}} | ||
{{Prevention:Regulators:End}} | {{Prevention:Regulators:End}} | ||
| Line 128: | Line 182: | ||
<references> | <references> | ||
<ref name="rektnews-10776">[https://rekt.news/kokomo-finance-rekt/ Rekt - Kokomo Finance - REKT] (May 3, 2023)</ref> | <ref name="rektnews-10776">[https://rekt.news/kokomo-finance-rekt/ Rekt - Kokomo Finance - REKT] (May 3, 2023)</ref> | ||
<ref name="coinmonksmedium-10777">[https://medium.com/coinmonks/decoding-kokomo-finance-4-million-rug-pull-quillaudits-d5d027522bf3 Decoding Kokomo Finance $4 Million Rug Pull Quillaudits] (May 3, 2023)</ref> | <ref name="coinmonksmedium-10777">[https://medium.com/coinmonks/decoding-kokomo-finance-4-million-rug-pull-quillaudits-d5d027522bf3 Decoding Kokomo Finance $4 Million Rug Pull Quillaudits - CoinMonks Medium] (May 3, 2023)</ref> | ||
<ref name="youtube-10778">[https://www.youtube.com/watch?v=raB0EN-Kk5Q KOKOMO FINANCE MEGA CRASHED -98%‼️ KOKO TOKEN PRICE TODAY❗ $4M EXIT SCAM SUSPECTED AS KOKOMO FINANCE - YouTube] (May 3, 2023)</ref> | <ref name="youtube-10778">[https://www.youtube.com/watch?v=raB0EN-Kk5Q KOKOMO FINANCE MEGA CRASHED -98%‼️ KOKO TOKEN PRICE TODAY❗ $4M EXIT SCAM SUSPECTED AS KOKOMO FINANCE - YouTube] (May 3, 2023)</ref> | ||
<ref name="defillama-10779">[https://defillama.com/protocol/kokomo-finance Kokomo Finance - DefiLlama] (May 3, 2023)</ref> | <ref name="defillama-10779">[https://defillama.com/protocol/kokomo-finance Kokomo Finance - DefiLlama] (May 3, 2023)</ref> | ||
<ref name="optimismspacetwitterarchive-10780">[https://web.archive.org/web/20230327054703/https://twitter.com/Optimism_Space/status/1638799587971588096 | <ref name="optimismspacetwitterarchive-10780">[https://web.archive.org/web/20230327054703/https://twitter.com/Optimism_Space/status/1638799587971588096 Optimism_Space - "KOKOMO IS LIVE ON OPTIMISM Kokomo Finance, an open source and non-custodial lending protocol" - Twitter] (May 3, 2023)</ref> | ||
<ref name="optimistic-10781">[https://optimistic.etherscan.io/tx/0xc3a34542b7283fc3ef9101f6c3d92b6fd666b882a4c6193ae11b027fbde39cd9 Optimistic L2 Theft Transaction - Optimism] (May 3, 2023)</ref> | <ref name="optimistic-10781">[https://optimistic.etherscan.io/tx/0xc3a34542b7283fc3ef9101f6c3d92b6fd666b882a4c6193ae11b027fbde39cd9 Optimistic L2 Theft Transaction - Optimism] (May 3, 2023)</ref> | ||
<ref name="defillamatwitter-10782">[https://twitter.com/DefiLlama/status/1638934901306294272 | <ref name="defillamatwitter-10782">[https://twitter.com/DefiLlama/status/1638934901306294272 DefiLlama - "Kokomo Finance, an open source and non-custodial lending protocol on Optimism and Arbitrum" - Twitter] (May 3, 2023)</ref> | ||
<ref name="unointerntwitter-10783">[https://twitter.com/UnoIntern/status/1640092235990548485 | <ref name="unointerntwitter-10783">[https://twitter.com/UnoIntern/status/1640092235990548485 UnoIntern - "Kokomo Finance Rug-pulled for $6M Stay cautious if you have interacted with its contracts!" - Twitter] (May 3, 2023)</ref> | ||
<ref name="c4dotggtwitter-10784">[https://twitter.com/C4dotgg/status/1638563266548092928 | <ref name="c4dotggtwitter-10784">[https://twitter.com/C4dotgg/status/1638563266548092928 C4dotgg - "New Projects" - Twitter] (May 3, 2023)</ref> | ||
<ref name="moemoeatwitter-10785">[https://twitter.com/moemoea_/status/1635319303540215814 | <ref name="moemoeatwitter-10785">[https://twitter.com/moemoea_/status/1635319303540215814 moemoea_ - "Kokomo finance proof Telegram usn La_moemoea Discord usn elfluffy#2082" - Twitter] (May 3, 2023)</ref> | ||
<ref name="cryptoleeytwitter-10786">[https://twitter.com/CryptoLeeY/status/1639516507251277824 | <ref name="cryptoleeytwitter-10786">[https://twitter.com/CryptoLeeY/status/1639516507251277824 CryptoLeeY - "Hola Degen! After a long research, found a permission-less lending protocol to help the user to lend and borrow digital assets." - Twitter] (May 3, 2023)</ref> | ||
<ref name="solaceyfeelstwitter-10787">[https://twitter.com/solaceyfeels/status/1635474736972173319 | <ref name="solaceyfeelstwitter-10787">[https://twitter.com/solaceyfeels/status/1635474736972173319 solaceyfeels - "kokomo finance" - Twitter] (May 3, 2023)</ref> | ||
<ref name="ohhellohanatwitter-10788">[https://twitter.com/ohhellohana/status/1635302268466778113 | <ref name="ohhellohanatwitter-10788">[https://twitter.com/ohhellohana/status/1635302268466778113 ohhellohana - "tg crzyhana, ko dc crzyhana#3713, kokomo finance" - Twitter] (May 3, 2023)</ref> | ||
<ref name="sidenzgiwtwitter-10789">[https://twitter.com/sidenzgiw/status/1635194374870151169 | <ref name="sidenzgiwtwitter-10789">[https://twitter.com/sidenzgiw/status/1635194374870151169 sidenzgiw - "Kokomo Finance" - Twitter] (May 3, 2023)</ref> | ||
<ref name="optimismeconomytwitter-10790">[https://twitter.com/OptimismEconomy/status/1639531177634844674 @ | <ref name="optimismeconomytwitter-10790">[https://twitter.com/OptimismEconomy/status/1639531177634844674 OptimismEconomy - "@KokomoFinance Live on @optimismFND ️#KokomoFinance is an open source and non-custodial lending protocol" - Twitter] (May 3, 2023)</ref> | ||
<ref name="ro2noazerotwitter-10791">[https://twitter.com/ro2noazero/status/1635514800796241921 | <ref name="ro2noazerotwitter-10791">[https://twitter.com/ro2noazero/status/1635514800796241921 ro2noazero - "kokomo finance tg dc" - Twitter] (May 3, 2023)</ref> | ||
<ref name="happykiyowokaytwitter-10792">[https://twitter.com/happykiyowokay/status/1635407815622922241 | <ref name="happykiyowokaytwitter-10792">[https://twitter.com/happykiyowokay/status/1635407815622922241 happykiyowokay - "Dc fah25#4410 Tg fah Kokomo finance" - Twitter] (May 3, 2023)</ref> | ||
<ref name="pamungkhaztwitter-10793">[https://twitter.com/Pamungkhaz/status/1635410479458959360 | <ref name="pamungkhaztwitter-10793">[https://twitter.com/Pamungkhaz/status/1635410479458959360 Pamungkhaz - "Kokomo Finance DC+TG: Pamungkhaz." - Twitter] (May 3, 2023)</ref> | ||
<ref name="0xguardtwitter-10794">[https://twitter.com/0xGuard/status/1636613655679606784 @ | <ref name="0xguardtwitter-10794">[https://twitter.com/0xGuard/status/1636613655679606784 0xGuard - "We are happy to announce that we've started an audit of @KokomoFinance's smart contracts." - Twitter] (May 3, 2023)</ref> | ||
<ref name="0xguardtwitter-10795">[https://twitter.com/0xGuard/status/1638433725540171777 @ | <ref name="0xguardtwitter-10795">[https://twitter.com/0xGuard/status/1638433725540171777 0xGuard - "New audit report by #0xGuard is available. Prepared for: @KokomoFinance" - Twitter] (May 3, 2023)</ref> | ||
<ref name="cryptonotifybottwitter-10796">[https://twitter.com/CryptoNotifyBot/status/1639569704368091139 | <ref name="cryptonotifybottwitter-10796">[https://twitter.com/CryptoNotifyBot/status/1639569704368091139 CryptoNotifyBot - "New CoinGecko Listing Kokomo Finance / $koko" - Twitter] (May 3, 2023)</ref> | ||
<ref name="semqngattwitter-10797">[https://twitter.com/semqngat/status/1635187340896509952 | <ref name="semqngattwitter-10797">[https://twitter.com/semqngat/status/1635187340896509952 semqngat - "raven tg discord kokomo finance tg name, usn: c, csemqngat discord: semqngat#8085" - Twitter] (May 3, 2023)</ref> | ||
<ref name="leehc0xtwitter-10798">[https://twitter.com/leehc0x/status/1635549519214698496 | <ref name="leehc0xtwitter-10798">[https://twitter.com/leehc0x/status/1635549519214698496 leehc0x - "tg: Melonsquash1 dc: imah#8628 #kokomofinance" - Twitter] (May 3, 2023)</ref> | ||
<ref name="pirotreborntwitter-10799">[https://twitter.com/PirotReborn/status/1635573729664319488 | <ref name="pirotreborntwitter-10799">[https://twitter.com/PirotReborn/status/1635573729664319488 PirotReborn - "Tg PirotFer Ferry DC FerreyPirot #0399 - KokomoFinance" - Twitter] (May 3, 2023)</ref> | ||
<ref name="cointelegraphtwitter-10800">[https://twitter.com/Cointelegraph/status/1640227158743449600 | <ref name="cointelegraphtwitter-10800">[https://twitter.com/Cointelegraph/status/1640227158743449600 CoinTelegraph - "A newly-launched lending protocol, Kokomo Finance has allegedly rug-pulled its users to the tune of $4 million just two days after going live on Optimism." - Twitter] (May 3, 2023)</ref> | ||
<ref name="cointelegraph-10801">[https://cointelegraph.com/news/4m-exit-scam-suspected-as-kokomo-finance-flies-off-radar-token-plunges $4M ‘exit scam’ suspected as Kokomo Finance flies off radar, token plunges] (May 3, 2023)</ref> | <ref name="cointelegraph-10801">[https://cointelegraph.com/news/4m-exit-scam-suspected-as-kokomo-finance-flies-off-radar-token-plunges $4M ‘exit scam’ suspected as Kokomo Finance flies off radar, token plunges - CoinTelegraph] (May 3, 2023)</ref> | ||
<ref name="kokomofinancearchive-10802">[https://web.archive.org/web/20230328012441/https://kokomofinance.medium.com/ Medium] (May 3, 2023)</ref> | <ref name="kokomofinancearchive-10802">[https://web.archive.org/web/20230328012441/https://kokomofinance.medium.com/ Medium] (May 3, 2023)</ref> | ||
<ref name="kokomofinancegithubarchive-10803">https://web.archive.org/web/20230328012441/https://github.com/KokomoFinance (May 3, 2023)</ref> | <ref name="kokomofinancegithubarchive-10803">https://web.archive.org/web/20230328012441/https://github.com/KokomoFinance (May 3, 2023)</ref> | ||
<ref name="kokomofinancetwitterarchive-10804">[https://web.archive.org/web/20230327052512/https://twitter.com/KokomoFinance @KokomoFinance Twitter] (May 3, 2023)</ref> | <ref name="kokomofinancetwitterarchive-10804">[https://web.archive.org/web/20230327052512/https://twitter.com/KokomoFinance @KokomoFinance Twitter] (May 3, 2023)</ref> | ||
<ref name="kokomofinancearchive-10805">[https://web.archive.org/web/20230314182504/http://kokomo.finance/ Registrant WHOIS contact information verification | Namecheap.com Archive March 14th, 2023 12:25:04 PM MDT] (May 3, 2023)</ref> | <ref name="kokomofinancearchive-10805">[https://web.archive.org/web/20230314182504/http://kokomo.finance/ Registrant WHOIS contact information verification | Namecheap.com Archive March 14th, 2023 12:25:04 PM MDT] (May 3, 2023)</ref> | ||
<ref name="comparitech-10032">[https://www.comparitech.com/crypto/cryptocurrency-scams/ Worldwide crypto & NFT rug pulls and scams tracker - Comparitech] (Dec 15, 2022)</ref> | |||
</references> | </references> | ||
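Review bot: The completed UnoIntern reference title quotes "Rug-pulled for $6M", while the summary added at Line 1 gives the loss as around $4M, and nothing in the change reconciles the two figures. Suggest noting the conflicting report where the amount lost is discussed. The "kokomofinancegithubarchive-10803" entry is also still a bare URL with no link title, unlike the other references completed here.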
Latest revision as of 16:35, 15 May 2024
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Kokomo Finance was a newly launched open-source and non-custodial lending protocol built on Optimism and Arbitrum. It allowed users to lend and borrow digital assets, and its token KOKO had a 14-day genesis mining program. The protocol's audit, conducted by 0xGuard, only covered the token contract, not the entire protocol. Within a week of its launch, the protocol was exploited, resulting in the loss of around $4M, and the project's website, Twitter, GitHub, and Medium accounts were deleted. The attacker targeted the wrapped Bitcoin deposits, and even though $2M of tokens still remain in the project's pools on Optimism, the contracts are paused, and users can't withdraw funds. Kokomo Finance is unlikely to recover.
About Kokomo Finance
"Kokomo Finance [was] an open source and non-custodial lending protocol on Optimism and Arbitrum."
"Kokomo Finance, an open source and non-custodial lending protocol. Enter http://kokomo.finance to lend, borrow and earn $KOKO here. A 14-days genesis mining starts now with a decent APR!"
"Hola Degen! After a long research, found a permission-less lending protocol to help the user to lend and borrow digital assets. The name of protocol is - @KokomoFinance which is built on @optimismFND Now lets jump to some depth of this protocol"
"The project’s audit, conducted by 0xGuard, covered just the token contract, rather than the protocol at large."
"1/ The deployer of KOKO Token, address 0x41BE, deployed attack contract cBTC. Then set the reward speed, paused the borrow and set the implementation contract into a malicious one.
2/ Address 0x5a2d… approved the cBTC contract to spend the 7010 sonne WBTC.
3/ Since the implementation contract has been upgraded to the malicious cBTC contract, the attacker called 0x804edaad method to transfer sonne WBTC to address 0x5C8d.
4/ Finally, the address 0x5C8d.. swapped 7010 sonne WBTC to 141 WBTC (~4M) for profit."
"The lending protocol had launched on Optimism less than a week ago, and its token, KOKO, less than 36 hours before the rug."
"Kokomo Finance took off with approximately $4M, deleting their website, Twitter, GitHub and Medium in the process."
"Wrapped Bitcoin deposits were rugged via changes made by the project’s deployer address. Almost $2M of tokens still remain in the project’s pools on Optimism.
But with the contracts paused and users unable to withdraw funds, the question remains…
…will they be back for the rest?"
"Whatever the future holds for Optimism, one thing’s for certain:
Kokomo has flatlined."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
Two Audits By 0xGuard
The Kokomo Finance protocol was audited twice by the 0xGuard firm[6].
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| March 13th, 2023 2:21:00 AM MDT | Promotion on Twitter Started | The Kokomo Finance scheme is starting to be promoted on Twitter[7][8][9][10][11][12][13]. |
| March 14th, 2023 3:28:00 AM MDT | Promotion Still Underway | The Kokomo Finance scheme is still under heavy promotion via Twitter[14][15][16]. |
| March 14th, 2023 12:25:04 PM MDT | Domain Pending Registration | The kokomo.finance website shows that the domain is still pending WHOIS contact verification[17]. |
| March 17th, 2023 12:21:00 AM MDT | 0xGuard Audit Started | Audit firm 0xGuard announces that they've started an audit of the Kokomo Finance protocol[18]. |
| March 22nd, 2023 12:53:00 AM MDT | Second 0xGuard Audit Published | Audit firm 0xGuard publishes a second audit on Twitter[19].[6] |
| March 22nd, 2023 9:28:00 AM MDT | Listed On List of New Projects | Kokomo Finance is included in a list of newly launched blockchain projects[20]. |
| March 23rd, 2023 7:07:00 AM MDT | Optimism Space Tweet | Optimism Space tweets about the protocol[21]. |
| March 23rd, 2023 10:05:00 AM MDT | DefiLlama Promotion on Twitter | DefiLlama announces they are now tracking Kokomo Finance[22]. |
| March 25th, 2023 12:36:00 AM MDT | CryptoLeeY Promotion Tweet | CryptoLeeY publishes an analysis of the Kokomo Finance protocol[23]. TBD expand and get the information out. |
| March 25th, 2023 1:34:00 AM MDT | Optimism Economy Promotion | The Optimism Economy account tweets about the Kokomo Finance project, an open-source and non-custodial lending protocol[24]. |
| March 25th, 2023 4:07:00 AM MDT | Kokomo Finance Lists on CoinGecko | The Kokomo Finance KOKO coin is listed on CoinGecko[25]. |
| March 26th, 2023 9:58:05 AM MDT | Exit Scam Transaction | The blockchain transaction that removes liquidity from the smart contract takes place[26]. |
| March 26th, 2023 2:43:00 PM MDT | UnoIntern Announcement | Twitter user UnoIntern reports that the rug pull is happening[27]. |
| March 26th, 2023 11:33:48 PM MDT | CoinTelegraph Article | CoinTelegraph posts an article on the situation[28]. Optimism-based lending protocol Kokomo Finance is suspected of carrying out a $4 million "exit scam" after its social media and website went offline, while the price of its KOKO token fell by over 95% in a matter of minutes. Security firm CertiK alerted its followers to the alleged scam in a tweet, noting that the KOKO token plummeted in value. CertiK said that the deployer of KOKO attacked the smart contract code of a wrapped Bitcoin token, cBTC, by resetting the reward speed and pausing the borrow function, before approving the new cBTC smart contract to spend over 7000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then swapped the So-WBTC to another address, producing a $4 million profit. Kokomo Finance's smart contract audit passed most aspects, but had typographical errors and the owner of the KOKO token had the ability to mint 45% of the maximum supply to an arbitrary address[29]. |
| March 27th, 2023 9:24:32 AM MDT | YouTube Video | A YouTube video about the crash is posted[30]. |
| March 27th, 2023 2:12:00 PM MDT | RektHQ Article Posted | The situation is posted on RektHQ[31]. Kokomo Finance, a lending protocol built on Optimism, has reportedly rug-pulled, leaving with $4 million in stolen wrapped Bitcoin deposits. The protocol had launched less than a week ago, and its token, KOKO, had been introduced 36 hours before the rug pull. The project deleted its website, Twitter, GitHub and Medium in the process. Wrapped Bitcoin deposits were stolen through changes made by the project’s deployer address. Despite almost $2 million of tokens remaining in the project’s pools on Optimism, the contracts have been paused, and users cannot withdraw funds. The incident is the largest to date to affect Optimism, leading to questions about whether this incident signals a changing tide amongst Ethereum’s most popular scaling solutions[32]. |
| March 30th, 2023 1:59:31 AM MDT | CoinMonks Article Published | CoinMonks publishes an article about the situation[33]. TBD more details. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $4,000,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The same third party must not have performed an assessment within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet is in place and that all signatories are properly trained. Assessments must also cover social media, database, and DNS security.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. Worldwide crypto & NFT rug pulls and scams tracker - Comparitech (Dec 15, 2022)
2. Kokomo Finance - DefiLlama (May 3, 2023)
3. Medium (May 3, 2023)
4. https://web.archive.org/web/20230328012441/https://github.com/KokomoFinance (May 3, 2023)
5. @KokomoFinance Twitter (May 3, 2023)
6. Kokomo Finance Second Audit - 0xGuard (May 17, 2023)
7. sidenzgiw - "Kokomo Finance" - Twitter (May 3, 2023)
8. ohhellohana - "tg crzyhana, ko dc crzyhana#3713, kokomo finance" - Twitter (May 3, 2023)
9. happykiyowokay - "Dc fah25#4410 Tg fah Kokomo finance" - Twitter (May 3, 2023)
10. moemoea_ - "Kokomo finance proof Telegram usn La_moemoea Discord usn elfluffy#2082" - Twitter (May 3, 2023)
11. Pamungkhaz - "Kokomo Finance DC+TG: Pamungkhaz." - Twitter (May 3, 2023)
12. solaceyfeels - "kokomo finance" - Twitter (May 3, 2023)
13. ro2noazero - "kokomo finance tg dc" - Twitter (May 3, 2023)
14. semqngat - "raven tg discord kokomo finance tg name, usn: c, csemqngat discord: semqngat#8085" - Twitter (May 3, 2023)
15. leehc0x - "tg: Melonsquash1 dc: imah#8628 #kokomofinance" - Twitter (May 3, 2023)
16. PirotReborn - "Tg PirotFer Ferry DC FerreyPirot #0399 - KokomoFinance" - Twitter (May 3, 2023)
17. Registrant WHOIS contact information verification | Namecheap.com Archive March 14th, 2023 12:25:04 PM MDT (May 3, 2023)
18. 0xGuard - "We are happy to announce that we've started an audit of @KokomoFinance's smart contracts." - Twitter (May 3, 2023)
19. 0xGuard - "New audit report by #0xGuard is available. Prepared for: @KokomoFinance" - Twitter (May 3, 2023)
20. C4dotgg - "New Projects" - Twitter (May 3, 2023)
21. Optimism_Space - "KOKOMO IS LIVE ON OPTIMISM Kokomo Finance, an open source and non-custodial lending protocol" - Twitter (May 3, 2023)
22. DefiLlama - "Kokomo Finance, an open source and non-custodial lending protocol on Optimism and Arbitrum" - Twitter (May 3, 2023)
23. CryptoLeeY - "Hola Degen! After a long research, found a permission-less lending protocol to help the user to lend and borrow digital assets." - Twitter (May 3, 2023)
24. OptimismEconomy - "@KokomoFinance Live on @optimismFND #KokomoFinance is an open source and non-custodial lending protocol" - Twitter (May 3, 2023)
25. CryptoNotifyBot - "New CoinGecko Listing Kokomo Finance / $koko" - Twitter (May 3, 2023)
26. Optimistic L2 Theft Transaction - Optimism (May 3, 2023)
27. UnoIntern - "Kokomo Finance Rug-pulled for $6M Stay cautious if you have interacted with its contracts!" - Twitter (May 3, 2023)
28. CoinTelegraph - "A newly-launched lending protocol, Kokomo Finance has allegedly rug-pulled its users to the tune of $4 million just two days after going live on Optimism." - Twitter (May 3, 2023)
29. $4M ‘exit scam’ suspected as Kokomo Finance flies off radar, token plunges - CoinTelegraph (May 3, 2023)
30. KOKOMO FINANCE MEGA CRASHED -98%‼️ KOKO TOKEN PRICE TODAY❗ $4M EXIT SCAM SUSPECTED AS KOKOMO FINANCE - YouTube (May 3, 2023)
31. RektHQ - "Another week, another rug. This time, @KokomoFinance took off with $4M, before deleting their online presence." - Twitter (May 3, 2023)
32. Rekt - Kokomo Finance - REKT (May 3, 2023)
33. Decoding Kokomo Finance $4 Million Rug Pull Quillaudits - CoinMonks Medium (May 3, 2023)