Blueberry managed to droop its lending companies shortly after struggling an exploit that led to over $1.3 million value of Ether being drained from the DeFi protocol.
In an X publish revealed on February 23, the Blueberry Protocol Basis introduced that it was at present experiencing an “ongoing exploit” and really helpful customers to withdraw their funds from Blueberry lending markets whereas the muse labored on halting the protocol.
Additional particulars of the exploit:
All the drained funds had been entrance run by @ coffeebabe_eth (not actual twitter, not on socials) and at the moment are secure within the Blueberry multisig, much less the validator fee.
The staff is in touch with safety and comms professionals and can try…
— Blueberry Protocol Basis 🫐🫐 (@blueberryFDN) February 23, 2024
Blueberry Suffers Assault
Shortly after Blueberry’s preliminary publish, customers reported having points with withdrawal, main the protocol to notice that its entrance finish was additionally down.
“The entrance finish can be down, so if you’ll be able to work together straight with the contracts to withdraw, please do,” Blueberry mentioned in a separate X publish.
The web site and app went offline briefly, with each noting that “a client-side exception has occurred.”
Roughly half-hour later, Blueberry confirmed that it had efficiently suspended the protocol. Its web site has been restored and is at present totally operational.
A further replace from the protocol said that the entire drained funds had been front-run by white hat hacker c0ffeebabe.eth and at the moment are resting safely within the Blueberry multisig. A complete of 457 ETH (~$1.34 million) was initially drained, however 366 ETH (~$1.07 million) was rescued by c0ffeebabe.eth and returned to the multisig pockets, the staff famous.
“Deposited funds are at present secure,” Blueberry mentioned. “Solely three markets had been affected and the massive majority was already returned. Complete validator fee (loss) is 91 ETH. We’re getting in contact and intention for a full reimbursement to customers because the aim. Protocol is paused.”
The Blueberry Protocol
The Blueberry Protocol is a decentralized lending market that facilitates lending and leveraged borrowing with the power to go as much as 20 occasions the worth of the collateral.
In keeping with DefiLlama, the protocol had a complete worth locked (TVL) of $4.5 million earlier than the incident. Its TVL has now fallen to $3.11 million after the exploit try.
On February 22, Blueberry launched a “safety overview,” saying that its strategy to growth and danger mitigation prioritizes safety from the outset to forestall any inside dangers arising from protocol exercise.
The protocol additionally mentioned that it underwent audits by Hacken and Sherlock who performed two unbiased token safety audits. Nonetheless, the tweet selling the “safety evaluation” is not seen on Blueberry’s X feed.
