The decentralized finance protocol Blueberry successfully paused its protocol on February 23 to limit potential damage from an ongoing hack attack. The Blueberry Protocol Foundation reported on February 23 in a post on X that it was experiencing an ongoing hack attack and advised users to withdraw their funds from Blueberry as quickly as possible.
How is the Process Unfolding?
Following these developments, users reported problems withdrawing money from Blueberry, indicating that the front end was also down. The website and application were offline for a short time. About 30 minutes later, Blueberry confirmed that it was able to pause the protocol and that the website was back up and running.
“Currently, the deposited funds are no longer accessible, and we will update as we learn more.”
Later, another update was added stating that all funds drained from Blueberry were attempted to be taken over by c0ffeebabe eth and are now safe in the Blueberry multisig, with a lower validator payment being confirmed. The team is in contact with security and communication experts and is trying to communicate with the validator to return the remaining 91 Ethereum. Initially, a total of 457 Ethereum was drained from the protocol, but 366 Ethereum was recovered by a white-hat hacker and returned to the multisig wallet. The protocol team made the following statement:
“The deposited funds are now safe. Only three markets were affected, and the majority has already been returned. The total validator payment was 91 Ethereum. We are in contact and aim to provide a full refund to users. The protocol was paused during this process.”
Noteworthy Details About Blueberry
Blueberry protocol operates as a decentralized lending market, offering up to 20 times the collateral value in loans and leveraged borrowing. According to blockchain data analysis platform DefiLlama, it had a total locked value of 4.5 million dollars and forked from the Compound DeFi protocol. The TVL dropped to 3.15 million dollars after the hack attempt.
C0ffeebabe, became notorious for recovering approximately 5.4 million dollars worth of 2,879 Ethereum from a hacker and returning it to the decentralized finance (DeFi) protocol Curve Finance during a hack attack in July 2023. Interestingly, Blueberry claimed to have started with a security-first approach to development and risk mitigation to prevent any internal risks caused by protocol activity, publishing a security overview on February 22.
It also claims to have been audited by Hacken and Sherlock and conducted two independent token security audits, but the tweet promoting the security review disappeared from Blueberry’s X stream.
