Defrost Finance Fake-Collateral / Rug
An owner-key compromise added a fake collateral token to Defrost Finance on Avalanche, liquidating all positions for ~$12M. Most funds were returned to users.
- Date: December 23, 2022
- Victim: Defrost Finance
- Chain(s): Avalanche
- Status: Recovered
On December 23, 2022, Defrost Finance on Avalanche lost approximately $12 million when an owner-privileged action added a malicious collateral token and set a manipulated price, triggering mass liquidation of all user positions to the attacker. The compromise was an owner-key issue (theft or insider). After negotiation, most of the funds were returned.
What happened
Defrost's owner role could add collateral types and oracles. A malicious collateral token with an attacker-set price was added; the protocol then liquidated every position against it, transferring user collateral to the attacker (~$12M). Following public pressure and negotiation, the bulk was returned.
Why it matters
Defrost combines two catalogue staples: owner-privileged collateral/oracle control (Fortress) and the key-compromise-vs-insider ambiguity (Grand Base). The structural rule: the power to add a collateral type and its price is the power to liquidate the entire protocol — that authority must be timelocked and multi-sig-gated, never a single owner action. The near-full recovery makes it one of the catalogue's better outcomes, but the design — one privileged call away from total loss — is the durable lesson.
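One way to express the structural rule above in contract code, as an added example that is not Defrost's code and not part of the original entry: listing a collateral token and its oracle takes a queue step and, after a delay, an execute step, both callable only by a governance address. The contract and function names, the 2-day delay, and the assumption that `governance` is an M-of-N multisig wallet are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not taken from any deployed protocol.
contract TimelockedCollateralRegistry {
    address public immutable governance;         // assumption: an M-of-N multisig wallet
    uint256 public constant MIN_DELAY = 2 days;  // assumed delay; gives users time to exit
    mapping(address => address) public oracleOf; // collateral token => price oracle
    mapping(bytes32 => uint256) public readyAt;  // listing id => earliest execution time
    event ListingQueued(address indexed token, address indexed oracle, uint256 eta);
    event ListingExecuted(address indexed token, address indexed oracle);
    event ListingCancelled(address indexed token, address indexed oracle);

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    constructor(address multisig) {
        // Rejects a plain key-controlled account; it cannot prove the contract is a multisig.
        require(multisig.code.length > 0, "governance must be a contract");
        governance = multisig;
    }

    // Step 1: announce on-chain. Nothing changes yet; monitors can alert on the event.
    function queueListing(address token, address oracle) external onlyGovernance {
        bytes32 id = keccak256(abi.encode(token, oracle));
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + MIN_DELAY;
        emit ListingQueued(token, oracle, readyAt[id]);
    }

    // A queued listing can be withdrawn at any point before it is executed.
    function cancelListing(address token, address oracle) external onlyGovernance {
        bytes32 id = keccak256(abi.encode(token, oracle));
        require(readyAt[id] != 0, "not queued");
        delete readyAt[id];
        emit ListingCancelled(token, oracle);
    }

    // Step 2: the token/oracle pair becomes live only after the full delay has elapsed.
    function executeListing(address token, address oracle) external onlyGovernance {
        bytes32 id = keccak256(abi.encode(token, oracle));
        uint256 eta = readyAt[id];
        require(eta != 0 && block.timestamp >= eta, "timelock not elapsed");
        delete readyAt[id];
        oracleOf[token] = oracle;
        emit ListingExecuted(token, oracle);
    }
}
```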
Sources & on-chain evidence
- [01] halborn.com: https://www.halborn.com/blog/post/explained-the-defrost-finance-hack-december-2022
- [02] coindesk.com: https://www.coindesk.com/business/2022/12/26/defrost-finance-says-hacked-funds-have-been-returned
- [03] crypto.news: https://crypto.news/defrost-finance-stolen-funds-have-been-reimbursed/