Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in...
BaseBros Fi, a decentralized finance (DeFi) yield optimization protocol operating on the Base blockchain, has abruptly disappeared, leaving users without access to their investments.
On September 13, 2024, the project’s website, social media presence on X, and Telegram were all deleted. Investigations revealed that the project exploited an unaudited smart contract, which allowed it to drain users’ funds.
This unaudited contract allowed the project’s operators to withdraw assets from what was referred to as the “Strategy Contract.”
The result was the rapid draining of multiple investment pools. The attackers funneled approximately $130,000 worth of stolen funds through Tornado Cash, a crypto-mixing service known for obfuscating transaction origins.
The rug pull orchestrated by BaseBros shocked everyone, which included 2,000 followers on X and more than 3,300 members on Telegram.
Before its vanishing act, the DeFi project had actively promoted its yield optimization features and promised high returns on the Base blockchain.
Chain Audits, which had previously audited parts of BaseBros’ operation, clarified that while four of the project’s contracts had passed inspection, the Vault contract—the critical element in the theft—had not been included in their audit scope.
Incident Report
Yesterday on 13.09.2024, @BaseBrosFi, a DeFi project on @base, executed a rug pull by gaining control of and draining ecosystem funds via an unaudited and unverified Vault contract.
The BaseBrosFi team exploited the unverified Vault Contract by overriding…