On July 14, several netizens collectively exposed rabbit finance, a centralized financial project of coin on smart chain (BSC), on Weibo, accusing it of hiding multiple contract loopholes and running risks. On the news, rabbit finance's token, rabbit, fell to $0.24 from a maximum of $2.67, down more than 91%.
Subsequently, rabbit Finance issued a response statement on its microblog, admitting that there were loopholes in the contract.However, he said that the problem of contract security circulating in the market has not actually occurred. At present, all contracts involving the security of user assets have been time locked, and user assets are safe.
However, the investigation by the reporter of blockchain daily found that the background of rabbit finance's team is mysterious, and no relevant introduction can be found on the official website. Many investment institutions and cryptocurrency exchanges that have invested in and launched the project are not willing to disclose too many details.
Industry analysts said that similar anonymous team development projects, once there is a problem, the project side may roll money away, rights protection is very difficult.
It is worth noting that in the first half of 2021, a total of 78 well-known security incidents occurred in the whole blockchain ecology, involving an amount of US $1.7 billion.
11 VC institutions participate in investment
According to the self introduction of the project party, rabbit finance is a cross chain excess lending agreement of coin an intelligent chain BSC ecology, which helps deposit users obtain more interest income, and helps liquidity miners obtain higher mining income through up to 9 times leverage and optimal re investment strategy.
In an interview with the blockchain daily, a senior player in the coin circle said that rabbit finance is actually attracting people to make bets. The people who come in are equal to buying financial products, and the project party uses these assets for loan financing, which is equivalent to P2P. Specifically, investors pledge bitcoin or Ethereum into the capital pool and use liquidity to mine to obtain the project's token, but the value of the new currency is unknown.
The player pointed out that the team of rabbit finance project is mysterious, and once there is a problem, the project side will have the risk of rolling money and running away.
At present, rabbit finance's token is online on the cryptocurrency exchange lbank. On July 10, the highest price was $2.67. After the code vulnerability was exposed, it fell to $0.24 on July 14, down 91% in four days.
Rabbit finance previously disclosed that it was led by FBG capital, horizon capital, redline capital, Du capital, pcoin labs, hot labs, angelone capital, lbank, bkex capital, HBTC labs and bibox. It is worth noting that these token found VC involve a number of cryptocurrency exchanges, including lbank, bibox and HBTC (hobbit).
The reporter asked if the team background of the project could be disclosed, but Jody refused because he didn't know the situation.
78 typical safety cases occurred in the first half of the year
According to the official website of rabbit finance, the project has passed the security audit of certik and chains guard.
Audit company certik told the "blockchain daily" that the main problem pointed out by netizens was that rabbit finance did not add a time lock, which had been pointed out in the audit report, and contacted the project party yesterday (14th) to talk about the problem.
The so-called time lock refers to the function of using code to lock the transfer of funds from the contract in the blockchain. For example, funds can only be used on a specific date, at a specific time, or at a specific block height.
On July 14, rabbit finance also responded on its microblog.
First, on the issue of time lock permissions: Currently, all contracts involving the security of user assets have been time locked, and user assets are secure. About the contractual rights mentioned by users that are not related to the security of users' assets: the contractual rights of newly added leverage and the coinage rights. The team will move to the time lock today.
Second, it is not difficult to see that the current market circulation about the security of rabbit finance contract has not actually occurred, but more is the worry and speculation of some we media.
Third, many users see that rabbit finance has been harassed and maliciously speculated by DDoS in recent years, and think that it is other competitors who have systematically discredited rabbit finance in the community. We firmly believe that this situation does not exist and call on users to be rational.
The reporter of blockchain daily repeatedly contacted the relevant personnel of rabbit finance, and the other side refused the interview request.
Security vulnerabilities like rabbit finance often occur in the field of defi. But the most abominable is the project side fraud. Through camouflage and packaging, the creator of a project attracts investors to use the assets of the currency for mortgage, liquidity mining, farming income, etc. once they succeed, they will quickly roll up the money and run away.
According to the statistics of slow fog technology, a security company, in the first half of 2021, a total of 78 well-known security incidents occurred in the whole blockchain ecology, involving 50 defi security incidents, 2 wallet security incidents, 3 public chain security incidents, 6 exchange security incidents, and 17 other security related incidents, including 27 in Ethereum, 22 in coin security intelligent chain (BSC), 2 in polygon, heco, Boca ecology, etc One case in each EOS, and the total amount of loss is more than 1.7 billion US dollars (calculated according to the currency price at the time of the event).
Rabbit finance is a project on the coin security smart chain BSC. The relevant personnel of coin security told the reporter of blockchain daily that BSC is a decentralized public chain, and there is no centralized project audit. The audit of projects deployed on BSC is completed by a third-party audit company.
The relevant personnel said that risks and opportunities coexist in decentralized projects. It is suggested that users should put risks and safety first when they are attracted by interests, and do a good job in project research (dyor) and risk control (such as wallet management, investment proportion, etc.) before participating in decentralized projects.
- THE END -
Link to the original text:Financial Association