Defrost finance was exploited on the 23rd december for 170k, and again today for over $12M. The analysis done by peckshield shows that it may be a rugpull. Defrost Finance was audited by certik in November 2021.
analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M.
Not long after that, Rubic, a cross chain aggregator was exploited for over $1.5M in ETH. Attacker has sent the ETH to tornado cash. Rubic was also audited by certik according to its website.
https://preview.redd.it/g6k14qken08a1.png?width=1388&format=png&auto=webp&s=ef028447dd1cc0b5b80107f2f397700e07ea56fd
This begs the question, do security audits for defi protocols mean nothing? Projects get audited and then claim to be rug proof, and safe. Certik now seems to be pretty unreliable considering they are a pretty well known name in defi audits.
