DeFi Platform Blueberry Halts Operations Following Exploitation Attempt: What Happened?

Blueberry, a decentralized finance (DeFi) protocol, halted its operations on Friday due to an ongoing exploit. 

Users were urged to withdraw funds from lending markets as the protocol faced a critical situation.

Blueberry Protocol Foundation encountered challenges as users reported difficulties accessing the platform, finding the front end inaccessible. The protocol successfully halted its operations within approximately 30 minutes.
However, following the pause, normal functionality was restored to Blueberry's website and application. The Blueberry Protocol Foundation assured users that their deposited funds were now secure from exploitation. 

To further ensure transparency and user confidence, the foundation committed to providing regular updates as more information became available.

‍

White Hat Hacker To The Rescue 

The exploitation incident resulted in the drainage of funds from significant lending markets, including Bitcoin (BTC), Olympus (OHM), and USDC. The total value locked (TVL) in the Blueberry Protocol faced a potential threat due to this exploit. 

In a surprising turn of events, the white hat hacker "c0ffeebabe.eth" emerged as the savior during the Blueberry Protocol exploit. The initial drainage of 457 ETH saw the white hat hacker successfully rescue 366 ETH, returning it to the multi-signature wallet.

The funds were intercepted and secured in the Blueberry multi-sig wallet, with the exception of the validator payment.

Blueberry Protocol's team is reportedly coordinating with security and communication experts to reach out to the validator and recover the remaining 91 ETH. 

‍

Background on Blueberry Protocol

Blueberry Protocol operates as a decentralized lending market, facilitating lending and leveraged borrowing of up to 20 times the collateral value. Derived from the Compound DeFi protocol, Blueberry had a total value locked (TVL) of $4.5 million, according to DefiLlama. However, the TVL experienced a decline to $3.07 million following the exploit attempt.

Ironically, Blueberry posted a "security overview" on Feb. 22, emphasizing a security-first approach to development and risk mitigation, which was later removed. The protocol claimed to have undergone audits by Hacken and Sherlock, in addition to two independent token security audits.