- An Ethereum DeFi project has lost a substantial sum to a bad actor before it could even get its feet off the ground.
- Security analysis revealed that the project was compromised from the get-go.
- Security experts see the recent exploit as a cautionary tale to other projects.
For all decentralized finance’s promise to democratize access to financial services, dabbling in the space can often feel like adventuring through the Wild West as it continues to be plagued by security issues, often with no recourse for users.
The latest instance highlighting this is the hack of an up-and-coming DeFi project on the Ethereum network.
Don't Miss:
- ‘Scrolling To UBI' — Deloitte's #1 fastest-growing software company allows users to earn money on their phones. You can invest today for just $0.26/share with a $1000 minimum.
- Can you guess how many retire with a $5,000,000 nest egg? The percentage may shock you.
$800K Lost
The ROAR, a fledgling Ethereum-based DeFi ecosystem project, has lost nearly $800,000 in a bewildering exploit.
On April 16, Web3 security auditor Hacken reported that a staking contract tied to the project had been drained of 100 million 1ROR tokens worth $785,000. Hacken highlighted that the attack was not an exploitation of a flaw in the code but a backdoor.
“A developer embedded a backdoor in the staking contract by presetting their wallet’s user.amount (staked amount) directly in the constructor. So from the moment the contract was deployed, they had withdrawal rights without ever actually staking,” Hacken on-chain researcher Yehor Rudytsia told Benzinga in a statement.
Trending: BlackRock is calling 2025 the year of alternative assets. One firm from NYC has quietly built a group of 60,000+ investors who have all joined in on an alt asset class previously exclusive to billionaires like Bezos and Gates.
After deploying the code, all the developer had to do was wait 17 days for the token to be listed and enough liquidity to be injected into the contract to cash out. Then, they quickly dumped the token for ETH and funneled the loot through popular crypto mixer Tornado Cash to cover their tracks.
“No complex exploit, just malicious logic planted at deployment and timed to hit after launch hype and listing,” Rudytsia said.
The ROAR confirmed Hacken’s report, asserting that the exploit was carried out by a contracted developer. Still, the project maintained that the developer was not part of its core team. The team added that the rogue developer has been removed from the project and all their access revoked.
In a community call later, The ROAR asserted that it was gathering evidence to pursue legal action against the rogue developer, adding that it had scrubbed the project of their code contributions.
See Also: Hasbro, MGM, and Skechers trust this AI marketing firm — invest pre-IPO from $0.60 per share now.
According to Hacken, The ROAR exploit highlighted the need for projects to minimize trust in individual developers, noting that similar patterns have been observed with attacks linked to North Korean hacking groups where this trust in individual developers has been exploited to compromise projects.
“Projects need to implement reproducible builds, enforce separation between developers and deployers, and validate that deployed bytecode matches the audited source. But beyond that, orgs should treat dev access like a live attack surface: monitor credentials, watch for anomalies, and never store secrets in plaintext,” Hacken told Benzinga.
The ROAR exploit sent the value of 1ROR tumbling 84% from $0.02270 to $0.003727, though the price has since pared some of its losses to trade at $0.009074, likely on promises of buybacks from developers.
Read Next:
- This investment company boasts a 33.85% internal rate of return (IRR) for its realized projects, allowing accredited investors to earn passive returns and avoid the headaches of being a landlord.
- Deloitte's fastest-growing software company partners with Amazon, Walmart & Target – Many are rushing to grab 4,000 of its pre-IPO shares for just $0.26/share!
Image: Shutterstock
© 2025 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
