Decentralized finance (DeFi) lending and leverage protocol, Blueberry, has swiftly responded to an exploit by urging users to withdraw funds while the situation is being addressed.
The exploit was discovered by the Blueberry Protocol Foundation on February 23. As a precautionary measure, users were advised to withdraw their funds from Blueberry lending markets while the team worked on pausing the protocol to prevent further exploitation.
Shortly after the exploit was identified, users faced difficulties withdrawing funds as the platform’s front end went offline. Blueberry acknowledged these issues and encouraged users who could interact directly with the contracts to proceed with withdrawals.
Approximately 30 minutes later, Blueberry successfully paused the protocol, restoring stability to its platform. The website and app resumed functionality, allowing users to access their accounts. Blueberry provided an update, assuring users that deposited funds were no longer vulnerable to exploitation, alleviating concerns.
Further updates revealed that a white hat individual, c0ffeebabe.eth, had secured the drained funds and returned 366 ETH to the Blueberry multi-signature wallet. The protocol team stated that only a fraction of the funds remained unrecovered, with efforts underway to contact the validator responsible for the loss of 91 ETH.
The exploit attempt had an impact on Blueberry’s Total Value Locked (TVL), which decreased from $4.5 million to $3.15 million. Blueberry’s security measures and protocols were questioned by users, raising concerns about their reliability. Despite claims of a security-first approach, the incident prompted speculation about the protocol’s transparency and accountability, especially after a tweet promoting a recent “security overview” mysteriously disappeared from Blueberry’s feed.
