Cryptocurrency investors were left reeling after Arbix Finance, a once securely vetted firm, pulled off a classic rug pull scam, making off with millions of dollars of deposited funds. The firm had previously undergone an audit by CertiK, a reputable decentralized finance security player, giving investors a false sense of security.
In a tweet, CertiK revealed that the developers behind Arbix directed $10 million of investor funds to unverified pools, where an unknown hacker drained the assets and converted them to Ethereum using the AnySwap USDT exchange. The exploit was made possible by inserting eight mint() functions into a newly deployed ARBX ERC20 contract, allowing the owner to mint ARBX tokens to any address.
The incident highlights the challenges investors face in the rapidly evolving world of DeFi, where rug pulls have become increasingly common. According to reports, rug pull scams accounted for over a third of cryptocurrency fraud revenue in 2021, generating more than $2.8 billion for fraudsters.
Rug pulls are particularly prevalent in DeFi due to the ease of creating new tokens on the Ethereum blockchain and listing them on decentralized exchanges without undergoing a code audit. This makes yield farming, a popular DeFi practice that promises high returns on cryptocurrency investments, an attractive target for fraudsters.
Despite the risks, many investors are drawn to yield farming for its potential to generate interest on cryptocurrency holdings, similar to traditional banking practices. However, incidents like the Arbix Finance rug pull serve as a stark reminder of the importance of thorough due diligence and caution when navigating the volatile landscape of DeFi investments.