Crypto Lender Kokomo Finance Conducts $4M Exit Scam

  • Blockchain security firm CertiK warned that the team behind Kokomo Finance have executed a rug pull on Sunday, and stolen around $4 million in user funds.
  • The website and social media accounts of the Optimism-based crypto lender have all been deleted, while its KOKO native token fell by more than 98%.


The team behind Optimism-based lending protocol Kokomo Finance appear to have executed a rug pull over the weekend, stealing around $4 million in funds, security firm CertiK said via Twitter on 27 March.

Launched on 25 March, Kokomo Finance was an open-source, non-custodial lending protocol on Optimism that allowed users to borrow, lend, and trade several major cryptocurrencies, including wrapped Bitcoin (wBTC), Ether (ETH), Tether (USDT), USD Coin (USDC), and Dai. The project quickly rose in popularity among Optimism users — and was even tracked by platforms like CoinGecko and DefiLlama — but on 26 March all of Kokomo Finance’s online presence was removed.

According to blockchain security firm CertiK, Kokomo’s developers deployed an attack contract cBTC from the main address of the KOKO native token on Sunday, and then resetted the reward speed and paused the borrow function. The cBTC contract was then given approval to spend 7010 Sonne wrapped Bitcoin (So-wBTC), which were transferred to address 0x5C8d and then swapped for 141 wBTC producing a $4 million profit.

Shortly after Kokomo’s social media accounts and website were deleted, the value of the KOKO token fell by more than 98%, wiping nearly all value for its holders.

Related Coverage
CertiK to Compensate Victims of Merlin DEX Rug Pull
  • Security firm CertiK had conducted an audited of Merlin’s code only days before rogue developers stole close to $2 million from the project.
  • The company is now working with the remaining Merlin team members on a community compensation plan to cover the stolen funds.
April 27, 2023, 12:19 PM


Genesis Bankruptcy Plan Disrupted by New Creditor Demands
  • Genesis reached an “agreement in principle” with DCG and its creditors back in February, which would have seen creditors recover roughly 80% of their funds.
  • A group of creditors has now moved away from that agreement, forcing Genesis to request a court appointed bankruptcy mediator.
DeFi Protocol Exploited by Alleged White Hat Hacker
  • DeFi lender has paused all borrowing while investigating an exploit which saw an attacker borrow $1.6 million worth of assets using only 1 GMX token.
  • The attacker, however, appears to be a white hat hacker who the platform has already contacted in order to remedy the situation.