Staking and farming platform Bent Finance has reportedly lost $1.6 million to an exploit. The project asked investors to withdraw their funds and disable reward requests on the compromised platform.
Was it an inside job?
Bent Finance confirmed the exploit on Monday. At the time, the company reported no loss of funds. Nevertheless, an hour before the announcement, the Twitter account @YettyWapp had already noted that a hacker had pulled a total of 263k cvxCRV from the platform. Later, PeckShield reportedly tracked down the source of the transactions which was the Bent deployer address. This prompted some community members to point fingers at the protocol, blaming it for a possible rug pull.
Bent Finance responded to Peckshield’s post stating, “There was an exploit from the bent deployer address it added balance of cvxcrv and mim to an address on an unverified update 20 days ago. We just discovered this today. There are multiple members on this team, and we will make this right.” Bent Finance advises its pool investors to withdraw their funds until the vulnerability is fixed. However, the company has confirmed that it will recover all stolen funds from the Bent Curve pool.
1/ There was an exploit from the bent deployer address, it added balance of cvxcrv and mim to an address on an unvierifed update 20 days ago. We just discovered this today. There are multiple members on this team and we will make this right.
— Bent Finance 🌈🦄 (@BENT_Finance) December 21, 2021
The sixth exploit of December
According to a tweet from crypto fraud investigator and former member of the US Secret Service Joe McGill of TRM Labs, Bent Finance has already lost more than 400 ETH since the attack. The total value of the lost Ether is about $1.6 million at press time. According to the private institution, the hackers have been siphoning funds from the log since December 12.
The $BENT token is currently down 72.5% due to the exploit and is trading at $4.19. The exploit at Bent Finance is not the first exploit this month. In December alone, five crypto companies, including Grim Finance, BitMart, Badger DAO and AscendEX lost a total of more than $600 million to successful hacks. According to a report by Elliptic, losses caused by DeFi exploits amount to $12 billion in 2021.