Pac Finance users mistakenly faced liquidation, and frequent issues with Blast's "Factory Project" have raised concerns.

On April 12, a user of the lending application Pac Finance on Blast claimed to have suffered a $24 million liquidation on April 11 due to a sudden change in parameters in the developer's wallet.

Pac Finance allows cryptocurrency holders to deposit funds and earn interest through lending capital. To ensure repayment, borrowers are only allowed to borrow a certain percentage of the collateral value, known as the Loan-to-Value ratio (LTV). According to blockchain data from the Blast network, on April 11, the Pac Finance developer wallet called a function on its PoolConfigurator-Proxy contract at 1:06 UTC, setting the LTV for ezETH to 60%.

The LTV can be changed by the development team, but it is usually only implemented after an announcement. However, this time, the parameter change by Pac Finance was not announced through official channels, leading to the liquidation of platform users.

After the liquidation incident escalated, Pac Finance team members clarified in the community that it was not a lack of announcement but rather the decision was announced when replying to others. They stated that the team had previously instructed the engineer responsible for the contract to modify the LTV, but the engineer unilaterally modified the liquidity threshold without communicating with the team, leading to this issue. "We are investigating with several security audit experts such as pacman and zachxbt and contacting the affected users."

Pac Finance is the first hybrid lending protocol on Blast, with both peer-to-peer lending and pool lending functions. Previously, it became a popular interactive protocol due to airdrop expectations. After this unwarranted liquidation incident, the community also recalled the previous projects of the founding team, which also staged a drama event.

In May last year, the NFT lending protocol ParaSpace staged an internal conflict drama, with multiple KOLs warning of internal conflicts within the ParaSpace team and advising users to withdraw funds as soon as possible. This incident quickly spread within the community, and many users, out of panic, withdrew funds from ParaSpace despite high gas fees. In this turmoil, the "project control" and "team trust" of the ParaSpace founding team were questioned to a certain extent, although they later ensured the security of user funds, they were significantly affected in terms of market sentiment. Subsequently, ParaSpace announced a merger and rebranding with Parallel Finance to create ParaX.

Returning to the Pac Finance incident, it is not the first project on Blast to encounter fund security issues. Blast, as a Layer2 project that emerged at the end of last year, generated many early native projects due to the rendering of airdrop expectations and explosive growth in TVL, but at the same time, it also encountered many problems.

In early March, the Blast lending protocol Orbit Lending was also accused by KOLs of having issues with the liquidation threshold. The protocol stated an 83% liquidation threshold, but in reality, liquidation would occur at 80%. However, the project later compensated the affected users.

During the same period, the Blast ecosystem project Munchables claimed to have been attacked, with suspicions of issues in the locked contract, resulting in the theft of 17,400 ETH (approximately $62.3 million). SomaXBT revealed that Munchables had previously hired an unknown security team, EntersoftTeam, to issue an audit report in order to save on audit fees. The team's account description was "We are an award-winning application security company with certified white-hat hackers," but the platform had only a few hundred followers.

Related reading: "Review of the Munchables Theft of 17,400 ETH Incident in the Blast Ecosystem"

After analysis by ZachXBT, it was revealed that the four different developers hired by the Munchables team may all be the same person. However, on the same day, the Munchables attacker returned 17,000 ETH, leaving the community puzzled.

Overall, in the world of cryptocurrency, security is always a critical issue. Regardless of how much funding is obtained, ensuring the security of user funds is the essential duty of a good project.

Welcome to join the official community of BlockBeats:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Communication Group: https://t.me/BlockBeats_App

Twitter Official Account: https://twitter.com/BlockBeatsAsia