Verify a decision

{"actor":"system:backfill","investigation_id":"e5cf3900-a013-4931-bdac-fdaf77d5471b","kind":"publish","page_slug":"defrost","published_at":"2026-05-28T16:22:21.865Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Defrost Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/12/25/defrost-finance-hacked-in-attack-some-say-may-have-been-a-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/defrost","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/en/coins/defrost-finance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/12/25/defrost-finance-hacked-in-attack-some-say-may-have-been-a-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-defrost-hack-december-2022","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@DeDotFiSecurity/exclusive-the-defrost-team-rugpulled-12m-7m-999b24c13f47","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/defrost-finance-offers-20-payment-to-hackers-as-certik-claims-project-is-an-exit-scam","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@DeDotFiSecurity/exclusive-the-defrost-team-rugpulled-12m-7m-999b24c13f47","type":"other","url":""},{"credibility":3,"name":"https://dailycoin.com/defrost-finance-hacked-for-12-million-security-firms-call-it-a-rug-pull/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/12/25/defrost-finance-hacked-in-attack-some-say-may-have-been-a-rug-pull","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/12/30/defrost-finance-denies-rug-pull-allegations-amid-12m-exploit","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defrost-finance-breaks-silence-on-exit-scam-accusations-denies-rug-pull","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@DeDotFiSecurity/exclusive-the-defrost-team-rugpulled-12m-7m-999b24c13f47","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@DeDotFiSecurity/the-most-evil-crypto-scam-defrost-finance-was-funded-with-criminal-money-cb08c99fb6d9","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/news/latest-defi-hack-drains-7-050841516.html","type":"other","url":""},{"credibility":3,"name":"https://medium.com/phoenix-finance/finnexus-statement-regarding-the-may-2021-hack-d69e1b7617dc","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/12/26/defrost-finance-says-hacked-funds-have-been-returned","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@Defrost_Finance/the-refund-contract-has-been-deployed-here-is-how-to-claim-your-refund-6632c53f6c5c","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@Defrost_Finance/details-of-the-defrost-finance-refund-plan-ba574236158d","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/here-s-how-defrost-finance-plans-to-refund-users-following-12m-hack/amp","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/defrost","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/en/coins/defrost-finance","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/currencies/defrost-finance/","type":"other","url":""}]}],"sources_used":[],"summary":"Defrost Finance was an Avalanche-based CDP (Collateralized Debt Position) DeFi protocol that allowed users to collateralize yield-bearing tokens to mint an H2O USD-pegged stablecoin. In December 2022 the protocol suffered a two-stage exploit resulting in approximately $12 million in losses; multiple blockchain security firms — including CertiK, PeckShield, and De.Fi Security — alleged the attack constituted an insider rug pull enabled by admin key access, a conclusion the team denied. Funds were subsequently returned and a refund contract was deployed in January 2023, but the protocol has since effectively ceased meaningful operations with under $100,000 in TVL, and the MELT governance token has lost nearly all of its value.","timeline":[{"date":"2021-05-17","event":"FinNexus (Phoenix Finance), a DeFi options protocol allegedly operated by the same team, is exploited for approximately $7.6 million via a private key compromise and token minting attack.","source":""},{"date":"2021-09-01","event":"Defrost Finance launches on Avalanche. De.Fi Security later alleged that project deployment was partially funded by proceeds from the 2021 FinNexus exploit.","source":""},{"date":"2022-02-01","event":"Defrost Finance TVL peaks at approximately $95 million.","source":""},{"date":"2022-12-23","event":"First attack: Flash loan exploit on Defrost V2 drains approximately $173,000 by exploiting a reentrancy vulnerability in the flashloan/deposit functions.","source":""},{"date":"2022-12-24","event":"Second attack: Defrost V1 is exploited via admin owner key access; attacker inserts a fake collateral token and malicious price oracle, mints 100 million H2O, and liquidates user positions. Total losses reach approximately $12 million.","source":""},{"date":"2022-12-25","event":"CoinDesk and PeckShield report on the exploit. PeckShield states the attack 'may have been a rug pull.' Defrost TVL drops from $13 million to under $93,000.","source":""},{"date":"2022-12-26","event":"CertiK publicly labels Defrost Finance an 'exit scam,' citing inability to contact team members. Defrost Finance announces funds from V1 attack have been returned.","source":""},{"date":"2022-12-28","event":"Defrost Finance team breaks silence with a statement denying rug pull allegations, characterizing the event as an external private key compromise.","source":""},{"date":"2022-12-30","event":"De.Fi Security publishes on-chain analysis alleging the multisig wallet creator is the same address that initiated the malicious oracle replacement, and connecting Defrost team to the 2021 FinNexus exploit.","source":""},{"date":"2023-01-11","event":"Defrost Finance deploys refund smart contract. Affected V1 vault depositors and H2O holders become eligible to claim stablecoin reimbursements based on pre-exploit positions.","source":""}]},"v":1}