YEREVAN (CoinChapter.com) — DeFi protocol BaseBros Fi shocked users when it suddenly vanished after stealing funds through an unaudited contract. On September 13, the protocol deleted its website and social media accounts on X and Telegram, leaving investors without access to their funds. The project had established a following, with about 2,000 followers on X and more than 3,300 members on Telegram.

BaseBrosFi Account Deleted. Source: BaseBrosFi

Blockchain security firm Chain Audits revealed that BaseBros Fi used an unaudited smart contract to steal user investments. According to Chain Audits, the rug pull occurred through a contract that had not undergone an audit, making it vulnerable to exploitation.

BaseBros Fi Audit Report Highlights Missing Vault Contract. Source: ChainAudits

Unaudited Contract Opens Backdoor for Rug Pull

Chain Audits had previously audited several of BaseBros Fi’s smart contracts but stated that the contract used in the rug pull was not part of its audit. The Vault Contract, which enabled the project’s operators to withdraw funds from the Strategy contract, had not been verified or reviewed for vulnerabilities.

Chain Audits clarified that the Vault Contract was not included in its audit scope, nor was it verified on the blockchain. As a result, the project’s operators were able to execute the rug pull. Consequently, this backdoor vulnerability left investors exposed to theft.

BaseBrosFi Rug Pull Incident Report. Source: Chain Audits

Seamless Protocol Clarifies No Impact from BaseBros Fi Rug Pull, $130K Funneled Through Tornado Cash

The BaseBros Fi rug pull was initially linked to the Seamless Protocol due to similarities in contract labeling. However, blockchain investigator Cyvers found that the theft only affected BaseBros Fi. According to Cyvers, the attackers funneled about $130,000 of stolen funds through Tornado Cash, a crypto mixing service used to obscure the transaction trail.

Seamless Protocol Clarifies Security Amid BaseBros Fi Rug Pull. Source: CyversAlerts

Seamless completed an internal investigation and reassured users that the rug pull did not affect its protocol. Chain Audits also confirmed that the incident only impacted BaseBros Fi. The attackers drained multiple pools within BaseBros Fi, leaving users without their funds.

DeFi Rug Pulls on the Rise: BaseBros Fi and Penpie Among Latest Victims

The BaseBros Fi incident adds to the growing number of rug pulls in the DeFi space. Similar events have taken place, like the Penpie protocol losing $27 million to a hacker. The Penpie attacker even received a message from the Euler Finance hacker. In 2023, the Euler hacker stole $195 million and acknowledged the Penpie theft in an on-chain message.

The rising number of rug pulls is a reminder for DeFi users to stay cautious. Engaging with unaudited or unverified projects poses significant risks. While some hackers, like the Euler Finance attacker, have returned stolen funds after negotiations, no such offers have been made by those behind BaseBros Fi or Penpie. As a result, users have faced heavy losses.

The post BaseBros Fi Vanishes in Major Rug Pull, Users Left Without Funds appeared first on CoinChapter.