Hope Finance
2/28/2023

Introduction

On 20 February 2023, CertiK detected the largest exit scam to occur on Arbitrum so far this year. A recently launched project named Hope Finance had users' funds drained from its Genesis Rewards Pool. Wallets associated with the core team were able to drain the pool after planting a backdoor that gave them access to users' funds. In total, $1.86 million was stolen and bridged to Ethereum before being deposited into Tornado Cash.

Event Summary

Hope Finance began promoting its project on 1 February, with a launch scheduled for 20 February at 2:00 PM UTC. Instead of a successful launch of the Genesis Rewards Pool, it quickly became apparent that an externally owned address (EOA) had drained the pool. At first it appeared that Hope Finance may have been exploited; however, examining some of the team's wallets in the lead-up to the incident made it clear that this was an exit scam. Not everyone within Hope Finance appears to have been involved. The project's Twitter account posted an image of the person it claims is the scammer, along with identifying information such as an ID card.

Image: Hope Finance allegedly exposing the identity of the supposed scammer. Source: Twitter

The individual in the image is Pascal Chukwuebuka Ugwoke, a student in Nigeria according to his social media accounts. A LinkedIn page was identified for this individual which states that he attended the Michael Okpara University of Agriculture.


The profile has no activity and no connections. Whilst the claims made by the Hope Finance Twitter account cannot be ignored, CertiK cannot independently confirm them. Furthermore, it is a realistic possibility that the doxxing of this individual is misdirection to cover for the real culprits behind the exit scam. The stolen funds were eventually bridged to Ethereum before being deposited into Tornado Cash; in total, $1.86 million worth of ETH was deposited.

Vulnerability Created

Funds from the Genesis Rewards Pool contract were drained once EOA 0x4481a3539be6c2dedf7a71b77e93bf44b64a9113 called OpenTrade(). The function itself was not buggy; it had become a critical hole following the actions of an insider within the project, who had redirected the pool's swap path so that OpenTrade() handed the pool's tokens to a malicious contract.

To prepare for the drain, EOA 0x4481a created a fake router contract, and this address was then set as the router used by the SwapHelper within the Genesis Rewards Pool. Whilst this action might initially suggest a private key compromise, the change was confirmed by three of the four owners of a multisig wallet belonging to the project. An external hacker would therefore have had to compromise three EOAs before any funds could be stolen. Whilst this isn't impossible, in this case it is unlikely.

When examining the owner EOAs of 0x8EBd0 (the Hope Finance multisig), we can see that three wallets confirmed the transaction that pointed the SwapHelper within the Genesis Reward Pool at the fake router contract. The three confirming wallets were 0x33180, 0x00f49 and 0xdfcb9a. Analysing these wallets, 0xdfcb9a is the contract creator of the Genesis Reward Pool and interacts with 0x00f49. EOA 0x33180 approved the SwapHelper upgrade to the fake router contract and was then removed as an owner of the multisig. At the time of writing, 0x00f49 and 0xdfcb9a, along with two blank wallets, own the Hope Finance multisig.

Following this change, the fake router contract was configured so that when OpenTrade() was called on the Genesis Rewards Pool, funds from the project's pools were sent straight to the scammer. Below is a detailed explanation of how the attack took place.

On-chain Analysis

  1. The incident started with 0x4481A creating an unverified fake router contract: 0x1994fb46ca626e0910a96705de3563f4e78c8caa.

  2. The GenesisRewardPool creator (0xdfcb9) was then used to update the SwapHelper, changing its router address to the fake one created in step one. This setRouter() update required three approvals from owners of multisig wallet 0x8ebd0.

Image: Multisig approval for setRouter update. Source: app.safe.global

  3. 0x4481A called the fake router contract's function 0x3c6455ac(), which takes two arguments, _swapExactTokenForTokens and _USDC. The first was set to 0x957D3 and the second was left blank.

Image: Function 0x3c6455ac from contract 0x1994. Source: Dedaub

Image: _swapExactTokenForTokens is set to 0x957D. Source: Arbiscan

  4. 0x4481A called OpenTrade(), which is used for borrowing funds, twice: once for pool 0 (WETH) and again for pool 1 (USDC). For pool 0, the OpenTrade() call triggered a transfer of 477 WETH to the Hope TradingHelper (0x56d3b), the contract used for WETH/USDC conversions. At this point the WETH would normally be sent to the swap address and converted to USDC.

Instead, in the decompiled function from 0x1994f, we can see that variable v9 was assigned address(varg2[0x0]), the first token in the swap path, which was WETH. The pre-set receiving address 0x957D3 was loaded into variable v2. The TradingHelper address, which held all of the WETH, was stored in variable v17.

Image: _swapExactTokenForTokens function in contract 0x1994. Source: Dedaub

The following line of code, still within the _swapExactTokensForTokens() function, transferred v56 (the amount, calculated separately: 477 WETH) from v17 (msg.sender, the TradingHelper) to the receiving address 0x957D3. A transferFrom of this kind only succeeds because the TradingHelper had granted the router an allowance over its tokens, as it would need to for a genuine swap.

Image: _swapExactTokenForTokens function in contract 0x1994. Source: Dedaub

  5. In total, the two OpenTrade() calls transferred 477 WETH and 1,061,759 USDC to 0x957D. The funds were bridged to Ethereum via Celer cBridge and converted to a total of 1,095 ETH, which was then sent to Tornado Cash.
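As an added example (Solidity written for this write-up, not Hope Finance's code; the real fake router at 0x1994f is unverified, so the contract and variable names MaliciousRouter, SafeTradingHelper, receiver, pendingRouter and ROUTER_DELAY are assumptions), the following shows the pattern behind the Vulnerability Created section and steps 3 and 4 above: a router whose swapExactTokensForTokens() pulls the input token from msg.sender to a pre-set receiver instead of swapping, next to a helper that timelocks router changes, approves only the per-call amount and checks the output balance delta rather than the router's return value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Hope Finance's code. The real fake router (0x1994f) is unverified,
// so MaliciousRouter, SafeTradingHelper, receiver, pendingRouter and ROUTER_DELAY are all
// assumed names; only the transferFrom-from-msg.sender behaviour comes from the analysis.

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Uniswap V2-style router surface that a swap helper expects to call.
interface IRouter {
    function swapExactTokensForTokens(
        uint256 amountIn,
        uint256 amountOutMin,
        address[] calldata path,
        address to,
        uint256 deadline
    ) external returns (uint256[] memory amounts);
}

// The pattern described above: a "router" whose swap entry point never swaps. It needs
// nothing but the allowance a helper must grant any router before a genuine swap.
contract MaliciousRouter is IRouter {
    address public owner;
    address public receiver; // set later, as _swapExactTokenForTokens was set to 0x957D3

    constructor() { owner = msg.sender; }

    function setReceiver(address _receiver) external {
        require(msg.sender == owner, "not owner");
        receiver = _receiver;
    }

    function swapExactTokensForTokens(
        uint256 amountIn,
        uint256 /* amountOutMin, ignored */,
        address[] calldata path,
        address /* to, ignored: funds go to receiver instead */,
        uint256 /* deadline, ignored */
    ) external override returns (uint256[] memory amounts) {
        // path[0] is the input token (WETH for pool 0); msg.sender is the helper holding it.
        require(IERC20(path[0]).transferFrom(msg.sender, receiver, amountIn), "pull failed");
        // Report a plausible output so a caller that only trusts the return value is fooled.
        amounts = new uint256[](path.length);
        amounts[0] = amountIn;
        amounts[path.length - 1] = amountIn;
    }
}

// A helper that would have refused to hand its balance to such a router.
contract SafeTradingHelper {
    address public immutable governance; // e.g. the project multisig
    address public router;
    address public pendingRouter;
    uint256 public routerActivationTime;
    uint256 public constant ROUTER_DELAY = 2 days;

    event RouterProposed(address router, uint256 activationTime);
    event RouterChanged(address router);

    constructor(address _governance, address _router) {
        governance = _governance;
        router = _router;
    }

    // Router changes are announced on-chain and only take effect after a delay, so a
    // setRouter() to an unverified contract is visible before it can be used.
    function proposeRouter(address _router) external {
        require(msg.sender == governance, "not governance");
        require(_router.code.length > 0, "router must be a contract");
        pendingRouter = _router;
        routerActivationTime = block.timestamp + ROUTER_DELAY;
        emit RouterProposed(_router, routerActivationTime);
    }

    function activateRouter() external {
        require(pendingRouter != address(0), "nothing pending");
        require(block.timestamp >= routerActivationTime, "timelock active");
        router = pendingRouter;
        pendingRouter = address(0);
        emit RouterChanged(router);
    }

    // Approve only the amount for this call and verify by balance delta that the output
    // token actually arrived, instead of trusting the router's returned amounts.
    function swap(address tokenIn, address tokenOut, uint256 amountIn, uint256 minOut)
        external
        returns (uint256 received)
    {
        require(msg.sender == governance, "not governance");
        address[] memory path = new address[](2);
        path[0] = tokenIn;
        path[1] = tokenOut;

        uint256 before = IERC20(tokenOut).balanceOf(address(this));
        require(IERC20(tokenIn).approve(router, amountIn), "approve failed");
        IRouter(router).swapExactTokensForTokens(amountIn, minOut, path, address(this), block.timestamp);
        require(IERC20(tokenIn).approve(router, 0), "approve reset failed");

        received = IERC20(tokenOut).balanceOf(address(this)) - before;
        // Against MaliciousRouter this reverts: tokenIn left, tokenOut never arrived, and the
        // revert also undoes the transferFrom, so the helper keeps its balance.
        require(received >= minOut, "swap delivered less than minOut");
    }
}
```

With the hardened helper, the 477 WETH pull would still execute inside the swap() call, but the minOut check reverts the whole transaction and with it the transferFrom, and exposure is capped at the per-call allowance rather than the helper's full balance. The timelock does not stop an insider who controls the multisig; it only makes the router change observable on-chain before funds can move, which is what users and monitoring services need in order to react.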

Security Incidents on Arbitrum

Web3 security incidents on Arbitrum are relatively rare, primarily because fewer projects and protocols have been built on the layer 2 compared to older chains. In 2022 CertiK detected three incidents resulting in a total loss of $8.1 million, whereas $7.7 million has already been recorded over four incidents in 2023. Arbitrum is therefore on track to see more users' funds lost to hacks, scams and exploits in 2023. As more dapps are built on Arbitrum and more users participate, more targets become available to malicious actors, and the number of security incidents and the losses they cause are likely to grow.

Conclusion

This exit scam is the second incident to occur on Arbitrum in 2023 and is by far the largest. The Hope Finance incident ranks 5th among all exit scams in 2023 and brings the total exit scam figure for the year to $21.3 million, meaning exit scams make up the majority of the $59 million already lost in 2023. In this case, centralization risks were exploited by insiders because of the mishandling of the project's multisig wallet. Multi-signature wallets, when implemented correctly, can mitigate centralization risk, but that mitigation only holds when the signing keys are held by genuinely independent parties. In the case of Hope Finance the multisig was likely controlled by a single individual or a small group, which removes any protection the multisig would otherwise provide. An audit will note that a multisig mitigates centralization issues; a CertiK KYC looks into a project's team and background to understand who actually controls what within a protocol. Check certik.com for projects that have passed a KYC as well as audits to help you do your own due diligence.