Goldfinch User Deltatiger[.]Eth Lost About $330K in an Attack, With 118 $ETH Sent to Tornado Cash


A Goldfinch Finance user identified as deltatiger.eth has reportedly lost around $330,000 in a targeted exploit, according to blockchain security firm PeckShield. 

The attacker siphoned off approximately 118 ETH before routing the stolen assets through the crypto mixing protocol Tornado Cash, effectively obscuring the transaction trails on-chain.

Key Takeaways

  • The attacker exploited a vulnerability in Goldfinch’s collectInterestRepayment() function to repeatedly withdraw inflated USDC amounts.
  • About $330K worth of crypto was drained from the victim’s wallet, including 118 ETH routed through Tornado Cash.
  • PeckShield warns that active token approvals on the compromised contract still pose a risk if not revoked immediately.
  • The incident adds to ongoing security concerns in DeFi platforms where smart contract flaws continue to enable targeted exploits.

A Vulnerable Smart Contract and a Repeated Drain of Funds

PeckShieldAlert post on X reporting the attack on deltatiger.eth

PeckShieldAlert reported that the breach originated from an older Ethereum smart contract linked to the victim’s wallet, with the compromised address identified as:

0x0689aa2234d06Ac0d04cdac874331d287aFA4B43

The weakness was traced to the contract’s collectInterestRepayment() function — code designed for handling loan repayments within the Goldfinch ecosystem. The function allows transfers of USDC from any address that has granted token approval.

In this case, the attacker reportedly began with a modest deposit of 1,000 USDC, then repeatedly withdrew more than they deposited. This was made possible by artificially inflating the smart contract’s share price, allowing withdrawals at disproportionately high valuations.
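The approval weakness described above (a function that pulls USDC from any address that has approved the contract) can be modelled in a few lines. This is an added illustration, not Goldfinch's contract code: the class names, the `collect_repayment` signature and the account labels are hypothetical, and the share-price inflation step is not modelled.

```python
# Added illustration: an in-memory model, not Goldfinch's contract code.
UNLIMITED = 2**256 - 1

class Token:
    """Toy ERC-20 ledger: balances plus (owner, spender) allowances."""
    def __init__(self):
        self.balances, self.allowances = {}, {}

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class VulnerablePool:
    """Debits whichever approver the caller names as payer."""
    address = "pool"  # hypothetical identifier

    def __init__(self, token):
        self.token = token

    def collect_repayment(self, caller, payer, amount):
        # Flaw being modelled: `caller` is never compared with `payer`.
        self.token.transfer_from(self.address, payer, self.address, amount)

class HardenedPool(VulnerablePool):
    """Lets an account spend only its own approval."""
    def collect_repayment(self, caller, payer, amount):
        if caller != payer:
            raise PermissionError("payer must be the caller")
        super().collect_repayment(caller, payer, amount)

def victim_balance_after(pool_cls, revoke_first=False):
    """Balance left after a third party names the victim as payer."""
    token = Token()
    token.balances["victim"] = 1_000
    pool = pool_cls(token)
    token.approve("victim", pool.address, UNLIMITED)  # stale approval
    if revoke_first:
        token.approve("victim", pool.address, 0)      # revocation
    try:
        pool.collect_repayment("third_party", "victim", 1_000)
    except PermissionError:
        pass  # the call reverted; nothing moved
    return token.balances["victim"]
```

The same third-party call empties the balance against the vulnerable pool, and leaves it intact either when the pool checks the caller or when the approval has been set to zero beforehand.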

PeckShield publicly advised users to “revoke all approvals on the contract” as an urgent preventive measure to protect remaining funds from being drained.

At the time of writing, neither Goldfinch Finance nor deltatiger.eth has issued a response. It remains unknown whether there has been any attempt by the attacker to negotiate, communicate, or demand terms following the exploit.

Inside Goldfinch’s Model and Its Broader Risks

Goldfinch Finance is a decentralized lending protocol backed by major industry names, including a16z Crypto and Coinbase Ventures. Unlike conventional DeFi lending models, Goldfinch does not require borrowers to post crypto collateral. Instead, borrowers present loan proposals that go through review by backers and auditors.

This structure, while designed to support real-world lending, has introduced unique risk factors. Without on-chain collateral, repayment assurance relies on reputation, governance enforcement, and off-chain accountability.

Goldfinch has experienced operational successes since its launch in February 2021, including:

  • $1M in loans issued at launch
  • Version 1.1 introduced in March 2021
  • $11M raised in funding from Andreessen Horowitz
  • A smart contract insurance partnership with Nexus Mutual in October 2021

According to Token Terminal data aggregated by CoinGecko, the Goldfinch protocol currently maintains:

  • $30.5 million fully diluted market cap
  • $12.4 million in token trading volume over 30 days
  • $91.3 million in active loans

This is not the first time the protocol has faced internal or external financial shocks.

Previous Incidents Highlight Exposure

Goldfinch lending pools have absorbed significant financial losses due to borrower defaults:

  • In 2023, East African vehicle financing startup Tugende Kenya defaulted on a $5 million crypto loan, reportedly diverting nearly $2 million to its Ugandan parent company — a breach of loan terms. Warbler Labs, Goldfinch’s parent company, detected the discrepancy in December 2023.
  • In 2024, Singapore-based private credit firm Lend East announced it was only able to repay about $4.25 million of a $10.15 million loan, resulting in a 58% deficit. The shortfall represented 7.7% of Goldfinch’s total active loan exposure at the time.

These incidents, while not hacks, have raised concerns over borrower reliability, governance oversight, and investor risk exposure.

DeFi Exploits Continue to Surface

The Goldfinch incident arrives amid a sequence of contract vulnerabilities across DeFi protocols. Recently, Yearn Finance’s yETH vault suffered a liquidity drain through an exploit involving flawed accounting mechanisms.

Despite high-profile security audits and increasingly sophisticated on-chain monitoring tools, attackers continue to exploit loopholes in smart contract logic, token approval permissions, or unintended economic design side effects.

What Happens Next

If approvals related to the compromised wallet are not revoked, PeckShield warns that the attacker may still have the ability to siphon additional assets.

Users interacting with Goldfinch or any protocol that relies on external contract calls are urged to review smart contract approvals through known tools such as:

  • Revoke.cash
  • Etherscan Token Approval Checker

For now, all eyes will be on whether:

  • Goldfinch will publicly acknowledge the exploit
  • deltatiger.eth will engage law enforcement or blockchain investigators
  • The attacker will attempt to negotiate or extort
  • Any portion of the stolen 118 ETH will ever be recovered

As of the latest available information, the wallet drain occurred around 9:30 AM UTC, and the attacker continues using Tornado Cash to launder the stolen funds, making forensic tracking more difficult.
