Kokomo tokens fell 95% after all social media presence was deleted.

It appears that developers behind the Optimism-based lending protocol Kokomo Finance conducted an exit scam over the weekend, manipulating tokens on the protocol to effectively steal $4 million from users.

Once a large amount of money has been attracted to a crypto project, exit scams are said to occur when developers or promoters pull liquidity and erase all online or offline presence.

The Kokomo Finance service was launched on March 25 and allows users to trade, borrow, and lend bitcoin (BTC), ether (ETH), tether (USDT), USD Coin (USDC), and dai (DAI). On Sunday night, Kokomo developers deployed an attack contract cBTC from the main address of Kokomo, its native token. In order to interact with the rest of the protocol, they set the reward speed, paused the borrow feature, and created a malicious contract, CertiK said.

A wrapped bitcoin derivative issued on the Ethereum network, cBTC, was used to trick the protocol into believing it had more liquidity when it didn’t.

This developer address was then used to maliciously approve the transfer of spending over 7000 Sonne Wrapped Bitcoins, another bitcoin derivative token on Ethereum. These tokens were then used to swap all user-supplied liquidity to Kokomo.

In Asian morning hours, social media accounts and the Kokomo website were quickly deleted.