Key takeaways:
- Protocol for decentralized finance Blueberry was able to halt its protocol following a last-ditch effort to contain possible harm from an “ongoing exploit.”
- Users who had trouble withdrawing money from Blueberry said that the front end was also down, further escalating the unrest.
Protocol for decentralized finance Blueberry was able to halt its protocol on Friday following a last-ditch effort to contain possible harm from an “ongoing exploit.”
The Blueberry Protocol Foundation stated that it was experiencing an “ongoing exploit” in a post on X on February 23. It encouraged users to remove their money from the Blueberry loan markets while it tried to halt the protocol immediately.
Users who had trouble withdrawing money from Blueberry said that the front end was also down, further escalating the unrest.
“The front end is also down, so if you are able to interact directly with the contracts to withdraw, please do.”
A client-side exception that occurred was the application fault that caused the website and app to go down momentarily.
The website seems to be back up and running, and Blueberry reported it had been able to suspend the protocol around half an hour later.
“Funds currently deposited are no longer exploitable and we will update as we have more information.”
Later, Blueberry sent another update informing everyone that, less the validator payment, all of the drained funds had been front-run by c0ffeebabe.eth and were safe in the Blueberry multisig.
Initially, 457 ETH were spent, but the so-called white hat saved 366 ETH and put it back into the multi-signature wallet. The protocol team restated:
“Deposited funds are currently safe. Only three markets were affected and the large majority was already returned. Total validator payment (loss) is 91 ETH. We are getting in touch and aim for a full repayment to users as the goal. Protocol is paused.”
Leveraged borrowing and lending up to 20x the amount of the collateral are made possible by the decentralized lending market known as the Blueberry Protocol.
After stealing 2,879 Ether, or roughly $5.4 million, from an exploiter and giving it back to the decentralized finance (DeFi) system Curve Finance during its hack in July 2023, C0ffeebabe gained notoriety.
CoinCodeCap has reached out to Blueberry for comments on the recent exploit.
Ironically, on February 22, Blueberry published a “security overview,” stating that internal risks resulting from protocol activity are avoided by beginning development with a security-first approach and mitigating risks.
Additionally, it states that it has completed two independent token security assessments and has been examined by Hacken and Sherlock; nevertheless, the tweet advertising the “security review” has vanished from Blueberry’s X feed.
