Velodrome recovers $350K stolen funds from team member Gabagool

Published at: Aug. 14, 2022

Velodrome Finance, a trading and liquidity marketplace, announced the recovery of $350,000 stolen on Aug. 4. However, the occasion turned bittersweet when internal investigations pointed out the involvement of a prominent team member, who goes by the pseudo name Gabagool.

On Aug. 4, one of Velodrome’s high-worth wallets — dedicated for operating funds such as salaries — was drained off $350,000 before it could be transferred to the company’s treasury multisig wallet. A subsequent internal investigation revealed the attacker’s identification, which allowed the company to recover the entire loot. Velodrome’s official statement revealed:

“Much to our disappointment, we learned the attacker was a fellow team member Gabagool.”

While many community members came in support of the prominent coder, Gabagool owned up to the allegations made against him following Velodrome’s investigation. 

An update from Velodrome on our investigation into the team wallet exploit. pic.twitter.com/sz1ePStcT0

— Velodrome (,) (@VelodromeFi) August 13, 2022

Nearly six hours into the revelation, Gabagool released a note revealing various events that led him to attempt theft. Velodrome’s biggest mistake was to give ownership of its wallet’s private key to five individuals, which included Gabagool.

Gabagool, just like many other investors, lost vast amounts of money during the 2022 crypto crash. In an attempt to recoup losses, Gabagool made the hasty decision of withdrawing $350,000 in various cryptocurrencies only to convert it to Ether (ETH) and send it to Tornado Cash.

By the time Gabagool decided to return the stolen funds, Velodrome investigators “revealed they had already discovered my involvement.” He ended the note by stating:

“Not much else to say. I’m extremely stupid, incredibly disappointed in myself and (frankly) unsure about what next, legally speaking.”

On the other hand, Velodrome disclosed working with the legal counsel to determine the next steps. Going forward, Velodrome has decided to revoke ownership of private keys from team members and instead set up gnosis safes for all monetary operations.

Related: BlueBenx fires employees, halts funds withdrawal citing $32M hack

BlueBenx, a Brazilian crypto lending platform, too, encountered a hack, but what followed was incomparable to Velodrome Finance. BlueBenx reportedly blocked all of its 22,000 users from withdrawing their funds following an alleged hack that drained $32 million.

While no details about the hack were revealed, numerous investors raised eyebrows on the matter, with one stating:

“I think there's a high probability of it being a scam because this whole hacker attack story seems like a lot of bullshit, something they invented.”

The lack of trust among investors stems from the fact that numerous crypto platforms have recently halted funds withdrawal while hiding their incompetency in fulfilling the previously promised yield returns to the users.

Tags
Related Posts
‘DeFi done right’: Layer-one protocol launches mainnet
A decentralized finance protocol has launched its mainnet — describing it as a crucial step on the journey to a frictionless financial future. Radix, which describes itself as a platform for smart money, is also launching Instapass with its Olympia mainnet — an optional user and developer service that delivers the world’s first single sign-on solution for building compliant DeFi. The Radix mainnet is being positioned as a generational improvement in the history of decentralized ledger computing — and one that delivers 100 times more executional efficiency than the Ethereum Virtual Machine. This comes hot on the heels of the …
Decentralization / July 29, 2021
Ethereum advances with standards for smart contract security audits
The Ethereum ecosystem continues to witness a flurry of activity that has individuals and organizations deploying token contracts, adding liquidity to pools and deploying smart contracts to support a wide range of business models. While notable, this growth has also been riddled with security exploits, leaving decentralized finance (DeFi) protocols vulnerable to hacks and scams. For instance, recent findings from crypto intelligence firm Chainalysis show that crypto-related hacks have increased by 58.3% from the beginning of the year through July 2022. The report further notes that $1.9 billion has been lost to hacks during this timeframe — a figure that …
Adoption / Aug. 22, 2022
Bent Finance confirms pool exploit, advises investors to withdraw funds
Staking and farming platform Bent Finance joins the list to become the sixth crypto establishment to get hacked in December. The acknowledgment of the attack was followed by requesting investors to withdraw their pool funds and disabling the reward claims on the compromised platform. Bent Finance first realized the exploit on Monday at roughly 8:55 PM EST, a timeline when the company reported no loss of funds. However, the community suspected a rug-pull event when blockchain investigator PeckShield allegedly located the source of the hack transactions. We have located the hack tx, which interestingly is sent from the Bent Finance: …
Blockchain / Dec. 21, 2021
Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot
Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 — nearly $80 million. On Saturday, Fei Protocol informed its investors about an exploit across numerous Rari Capital Fuse pools while requesting the hackers to return the stolen funds against a $10 million bounty and a “no questions asked” commitment. We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage. To …
Blockchain / May 1, 2022
Can Web3 be hacked? Is the decentralized internet safer?
Web3 came into existence posed as a blockchain-powered disruption to the current state of the internet. Yet, as a nascent technology, a fog of assumptions plagues discussions about the real capabilities of Web3 and its role in our day-to-day lives. Considering the promise of a decentralized internet using public blockchains, a complete transition to Web3 would require scrutiny across several factors. Out of the lot, security stands as one of the most crucial features as, in a Web3-powered world, tools and applications hosted over the blockchains go mainstream. Smart contract vulnerabilities While the blockchains that host Web3 applications remain impenetrable …
Adoption / Aug. 21, 2022