PeckShield Inc. has been accused by stablecoin yield layer Synnax Labs of refunding and removing an audit after the crypto security firm allegedly overlooked the same bug that caused the $1.7 million hack of DeFi lending protocol Abracadabra.
Synnax Labs, which is a fork of Abracadabra, first asked for a refund after discovering several vulnerabilities that weren’t spotted by PeckShield in its audit. According to Synnax Labs, the audit “lacked sufficient depth.”
The company also claimed that, “After refunding, PeckShield removed the audit report and related correspondence — an unprofessional move that undermines transparency.”
The firm disclosed the refund after PHD student and blockchain specialist, Weilin Li, questioned Synnax Labs’ activity in relation to the Abracadabra hack on October 4.
Li claims that Synnax Labs was the only fork of Abracadabra’s Magic Internet Money (MIM) with total value locked (TVL) that was vulnerable to the attack.
Read more: No crying in the casino: XPL bug hits Aster, Hypervault rug pull suspected
They note how Synnax Labs patched this vulnerability four days before the exploit, how PeckShield deleted the audit, which didn’t include this vulnerability, before asking the question, “What happened?”
Li added, “I have no opinion or comment on this event. I am just listing some facts.”
Indeed, Synnax Labs claims that the contracts were paused and patched “proactively” four days before Abracadabra’s exploit, before elaborating on what happened with the audit.
Abracadabra has lost over $21 million in major DeFi hacks
Abracadabra reportedly suffered the hack after a flaw in the protocol’s cook function was exploited to manipulate its solvency checks.
The funds were subsequently sent to Tornado Cash before Abracadabra bought back MIM and fully recovered. PeckShield didn’t flag the Abracadabra exploit on its alert account.
Abracadabra has suffered three major DeFi exploits since 2024, losing over $21 million.
In January 2024, it lost $6.5 million after a hacker appeared to have exploited a rounding error in its CauldronV4 smart contract code.
Then, over a year later, it was hacked for $13 million worth of ether after following an exploit with the contract’s collateral accounting mechanism.
Protos has reached out to Synnax Labs and PeckShield Inc. for comment and will update this piece should we hear back.
Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
Source: https://protos.com/inside-the-fallout-from-peckshields-synnax-labs-audit/
