BaseBros Fi, a decentralized finance yield optimization protocol built on the Base blockchain, has disappeared, leaving its investors in a difficult situation.
According to ChainAudits, the project suddenly disappeared on September 13, deleting its website and all social media accounts on platforms like X and Telegram.
According to Cyvers on X, the disappearance is being treated as a rug-pulling incident that has left investors unable to recover funds totaling over $130,000.
Carpet pulling details
The rug-pulling operation was facilitated through an unaudited smart contract, a self-executing piece of code used to manage transactions and strategies on decentralized finance platforms. In this case, the contract contained a “backdoor” that allowed the BaseBros team to embezzle funds deposited by users.
Source: BaseBro’s deleted X profile
Smart contracts are often central to decentralized finance platforms because they automate complex financial transactions without the need for intermediaries like banks. However, unregulated smart contracts can be vulnerable to exploitation and make investor funds more vulnerable to theft.
Chain Audits had previously examined some of BaseBros’ smart contracts. Chain Audits confirmed that the specific contract responsible for the theft, known as the “Vault Contract,” was not part of their previous audits and had not been verified on the blockchain. The vulnerability allowed the BaseBros team to siphon user deposits from the project’s “Strategy” contract and steal the funds without triggering security alarms.
At the time of the rug pull, BaseBros Fi had gained a significant following, with over 2,000 users on X and over 3,300 members on Telegram. The sudden disappearance shocked the community, who lost access not only to their investments but also to all communication channels with the project team.
According to Cyvers, the BaseBros attackers transferred the stolen $130,000 via Tornado Cash (TORN), a crypto mixing service designed to obscure the transaction trail. The use of Tornado Cash has become common in DeFi attacks, making it difficult to track the stolen funds.
In July, the ETHTrustFund project on the Base network was completely shut down, causing investors to lose $2 million as developers moved funds to a new wallet and went silent. Some of the stolen Ethereum (ETH) was laundered through Tornado Cash.
Bitcoin 
Ethereum 
Tether 
BNB 
Solana 
USDC 
XRP 
Lido Staked Ether 
Dogecoin 
Toncoin 
TRON 
Cardano 
Avalanche 
Wrapped stETH 
Wrapped Bitcoin 
Shiba Inu 
WETH 
Chainlink 
Bitcoin Cash 
Polkadot 
Dai 
LEO Token 
Uniswap 
Litecoin 
NEAR Protocol 
Kaspa 
Wrapped eETH 
Internet Computer 
Artificial Superintelligence Alliance 
Sui 
Aptos 
Pepe 
Monero 
First Digital USD 
POL (ex-MATIC) 
Stellar 
Ethereum Classic 
Bittensor 
Ethena USDe 
Stacks 
Immutable 
OKB 
Aave 
Cronos 
Filecoin 
Arbitrum 
Render 
Injective 
Mantle 
Optimism