Kannagi Finance, the revenue aggregator protocol built on zkSync Era, has been engulfed in a major crisis. The project’s official website has expired, and users have discovered that the Twitter account is also missing. With the Total Value Locked (TVL) plummeting from $2.13 million to just over $24 USD, estimated user losses have exceeded $2 million. Concerns over the safety and reliability of Kannagi Finance have escalated, especially as its smart contract code remains unverified and non-transparent.
A Questionable Audit and Code Unveiled
Despite completing an audit by SolidProof, an agency under the German company Make Network, the zkSync-based Kannagi Finance smart contract code remains unverified and closed-source. This lack of transparency raised eyebrows within the DeFi community, making users hesitant to invest substantial sums into the platform. SolidProof, known for its work with notable partners such as PinkSale, BitMart, and UNCX Network, might have overlooked critical vulnerabilities, leaving the project vulnerable to exploitation.
Read more: ZkSync-based Lending Protocol EraLend Under Attack: $3.4M Loss Uncovered
Devastating Losses and Fading Trust in zkSync Era
On July 29, the nightmare became a reality as Kannagi Finance’s official website disappeared, causing panic among users. TVL which had once reached $2.13 million nearly returned to zero, leaving users with an estimated loss of $2.13 million. Twitter user @huang_yenwen had previously noticed signs of trouble when using the Cyberscan tool to check the contract code. The code had been rewritten, raising alarms, but initial assumptions suggested it might be routine for a new project. Sadly, this was far from the case, as the platform’s sudden collapse shocked the community.
SolidProof’s Response: Collaborative Investigation and Commitment to Transparency
In light of the recent incident involving zkSync-based Kannagi Finance, SolidProof has taken swift action to address the situation. In collaboration with KyberNetwork, the audit agency has established a dedicated task force to conduct a thorough investigation. Although SolidProof did not audit the Vault contracts associated with the incident, as it was audited by SolidityFinance, the registered security provider is committed to offering full support in gathering all necessary information.
In their official statement, SolidProof expressed their understanding of the severity of the matter and assured the community of their dedication to resolving the issue with the utmost diligence and transparency. Their focus remains on keeping investors and the community informed of any developments as they unfold while working diligently to bring clarity to the situation. SolidProof recognizes the importance of trust and security, and their response exemplifies their commitment to these values during this challenging time. If individuals have concerns or questions, the audit agency encourages direct communication to address them promptly.
Conclusion
The collapse of the zkSync-based aggregator protocol serves as a harsh reminder of the risks associated with the DeFi space. The project’s lack of open-source verified code and the absence of transparency in its operations led to the devastating loss of millions for its users. This incident underscores the importance of thorough due diligence and caution when participating in the DeFi ecosystem. The aftermath of Kannagi Finance’s rug pull will undoubtedly heighten scrutiny of audit agencies, project teams, and the overall safety measures taken within the DeFi industry. Users and investors must remain vigilant and prioritize security to protect their assets in this rapidly evolving financial landscape.