Meerkat Finance, a decentralized finance project, has just said it has been drained by $31 million worth-of crypto assets due to a hack. But on-chain data shows it may not as simple as that.
The team behind Meerkat Finance, a yield farming pool running on the Binance Smart Chain that went live just one day ago, claimed in its official Telegram channel around 9:00 UTC on Thursday that its smart contract vault was compromised.
The project was subsequently drained by about 13 million BUSD and about 73,000 BNB, which in total are now worth $31 million. The funds were further transferred to multiple new blockchain addresses.
On-chain data shows that the supposed hacker(s) drained the funds by altering Meerkat's smart contract that contains the project's vault business logic via using the original Meerkat deployer's account.
That suggests that either the private key of the Meerkat deployer was compromised or this is self-directed by the project. What's also raising eyebrows is that the website of Meerkat has been taken down. At the same time, Meerkat Finance's twitter account has also been deleted.
A Binance representative said in the exchange's official Chinese Telegram channel that they have noticed the abnormality of the Meerkat project and is working with auditing firms Certik, PeckShield and Slowmist to investigate.
The representative further added a link for victims of the "Meerkat Finance rug pull" to report issues and stay up to date with the development.
It appears that victims have formed a "Meerkat_Rugpull" chat group on Telegram to post updates on the issue with 135 members already.