Blueberry, a decentralized finance (DeFi) lending and leverage protocol, has taken swift action to mitigate potential damage following the discovery of an exploit. Users have been urged to withdraw funds as the protocol works to address the situation.
An exploit was detected, and the protocol was paused
Blueberry Protocol Foundation announced on Feb. 23 that it had detected an ongoing exploit within its protocol. As a precautionary measure, users were advised to withdraw their funds from Blueberry lending markets while the team worked on pausing the protocol to prevent further exploitation.
Shortly after the exploit was identified, users encountered difficulties withdrawing funds as the platform’s front end went offline. Blueberry acknowledged these issues and encouraged users who could interact directly with the contracts to proceed with withdrawals.
Approximately 30 minutes later, Blueberry successfully paused the protocol, restoring stability to its platform. The website and app resumed functionality, allowing users to access their accounts. In an update, Blueberry reassured users that deposited funds were no longer exploitable, which eased the chaos.
Further updates from Blueberry indicated that the drained funds had been secured by a white-hat individual, c0ffeebabe.eth, who managed to rescue 366 ETH and return it to the Blueberry multi-signature wallet. The protocol team emphasized that only a fraction of the funds remained unrecovered, with efforts underway to contact the validator responsible for the loss of 91 ETH.
Impact on total value locked and security measures
The Blueberry protocol, known for its decentralized lending market that allows leveraged borrowing, saw its Total Value Locked (TVL) decline from $4.5 million to $3.15 million following the exploit attempt. The protocol, which was forked from the Compound DeFi protocol, faced scrutiny as users questioned the effectiveness of its security measures.
The incident raised concerns about the reliability of Blueberry’s security protocols despite claims of a security-first approach to development and risk mitigation. The protocol had previously boasted audits from Hacken and Sherlock, along with independent token security audits.
However, a tweet promoting a recent “security overview” mysteriously disappeared from Blueberry’s feed, prompting speculation about the protocol’s transparency and accountability.