Defrost Finance, an ecological stablecoin project, will be refunding the $12 million that was taken in a Dec. 23, 2022 exploit, which occurred despite a code audit by CertiK.
On-chain data will be used to make sure the stolen funds are appropriately allocated. The hack was first reported by blockchain security firm PeckShield and included two attacks: a flash loan attack that took $173,000 and a V2 attack that stole $12 million by using a fake collateral token and a malicious price oracle to liquidate user positions.
This has caused concern about the reliability of code audits in assessing the security of decentralized finance (DeFi) projects.
Defrost and Rubic Finance, which also experienced a hack and had gone through a code audit by CertiK, had centralization issues in their smart contracts.
If a hacker gains access to a shared code block or variable, this can put the security of a project at risk.
Although CertiK provides reports, they contain a disclaimer stating that the company does not guarantee the security or functionality of the technology it reviews. Investors are therefore advised to do their own due diligence.