Kokomo Finance, a lending protocol based on optimism, is believed to have perpetrated an exit scam worth $4 million. The security firm CertiK alerted its followers to the incident in a Twitter post, stating that the KOKO token lost 95% of its value in a matter of minutes. CertiK also noted that Kokomo Finance removed all social media accounts immediately following the alleged rug pull. The smart contract code of a wrapped Bitcoin token, cBTC, was attacked by the deployer of KOKO by resetting the reward speed and pausing the borrow function.
Following this, an address beginning with “0x5a2d” authorized the new cBTC smart contract to spend over 7,000 Sonne Wrapped Bitcoin (So-WBTC). The attacker then swapped the So-WBTC to the 0x5a2d address, generating a $4 million profit. The KOKO token price plummeted over 97% at around 4:10 pm UTC time on March 26, with over $2 million locked into Kokomo Finance prior to the fall. Kokomo Finance’s social media presence and websites are currently offline.