[Image: "Introducing BASE" YouTube screenshot / Coinbase official YouTube channel]

Base, the layer-2 scaling solution developed by cryptocurrency exchange Coinbase to provide faster and cheaper transactions, is slowly becoming a breeding ground for malicious actors, with several cryptocurrency projects losing millions of dollars in funds within 24 hours due to exploits.

Coinbase's L2 scaling solution has been in operation for just a week but has already seen a stream of malicious actors in its network. This week, two crypto projects, RocketSwap and SwirlLend, lost more than $1 million to supposed attackers.

Crypto lender SwirlLend, a project active on Base and Linea, reportedly carried out an exit scam, more popularly known in the crypto world as a rug pull.

Blockchain security firm PeckShield shared on X (formerly Twitter) a series of actions SwirlLend executed, which included a transfer from Base worth $289,500 in crypto, a transfer of 94 ETH from Linea, the creation of a new token and the laundering of 253.2 ETH using the crypto mixing tool Tornado Cash.

The crypto lender has deleted all of its social media accounts and its official website is no longer accessible.

Data from DeFi data aggregator DefiLlama revealed that the total value of assets locked on SwirlLend nosedived from a peak of $769,440 to less than $50.

The total loss is approximately $460,000, according to security firm Certik.

SwirlLend's reported rug-pulling of its users took place a few days after the decentralized exchange RocketSwap experienced a brute force attack that saw a loss of around $865,000.

PeckShield estimated that the DEX lost 471 ETH, with the malicious actors reportedly bridging the funds from Base to Ethereum.

"Due to the proxy contract linked to our farm contract, multiple high-risk permissions became vulnerable," RocketSwap said, adding, "This resulted in the unauthorized transfer of the farm's assets. Immediate steps were taken to shut down the farm and halt further potential risks."

But some users accused the team of rug-pulling the project.

The malicious actor behind the RocketSwap attack later created two meme coins, LoveRCKT and LoveRCKT 2.0, with the value of both tokens plunging rapidly immediately after he removed liquidity from them.

Speaking of removing liquidity, the BALD meme coin was one of the first projects on Base and reached $85 million in market capitalization before its creator reportedly rugged it.

But these incidents may just be the beginning of the massive blowback just waiting for a trigger if the latest blog by crypto trade surveillance service Solidus Labs is anything to go by.

"When Coinbase's Layer 2 blockchain Base launched for developers on July 13, scam token creators snuck along for the ride. In the days after the network's developer launch but before its public launch – announced last week – black hat developers deployed more than 500 scam tokens on the blockchain," the blog disclosed.

"Roughly 300 of these scam tokens' smart contracts contained hidden functions enabling their creators to mint an unlimited number of new coins; another 70 contracts contained obfuscated transaction fee modifiers; and more than 60 contained honeypots, blocking buyers from reselling their tokens altogether," the blog stated.

"These scam tokens attracted approximately $3.7 million worth of trading volume on Base-based DEXs — $2.7 million worth of buys, $700,000 worth of sales, and $300,000 worth of wash sales executed by the scammers themselves. The entirety of the $2 million spread between authentic buy and sell volume was captured by the scammers as profit," Solidus Labs shared.

According to Solidus, malicious actors take profit from these activities in two ways - "by removing all liquidity from their DEX pairs as soon as a critical mass of users invested – $1.7 million – or by 'minting' an arbitrarily large quantity of new coins and then selling them, thereby draining the DEX pair of its Ether (ETH)– $300,000."

Coinbase said it anticipated this kind of project in the Base network, considering its permissionless and open nature, and encouraged customers to conduct their own research while it is developing an open-source monitoring tool.

"Given the permissionless and open nature of Base, we expect to see various types of projects built on the network," a Coinbase spokesperson said, adding, "We encourage consumers to do their research diligently before participating in any Dapp, on Base or any other chain. [...] To help enhance the security of the Ethereum ecosystem as a whole, we are developing an open-source monitoring tool, Pessimism, to provide prompt notification of anomalies in the protocol and network."