Defrost Finance, an ecological stablecoin project that had undergone a code audit by CertiK, will return $12 million in funds stolen in a December 23, 2022, exploit.

The refund will be made using on-chain data to ensure that the stolen funds are properly allocated.

The hack was initially reported by blockchain security firm PeckShield on Dec. 23, 2022, and involved two attacks: a flash loan attack that stole $173,000 and a V2 attack that stole $12 million by liquidating user positions through a fake collateral token and a malicious price oracle.

The hacks have raised concerns about vulnerabilities in smart contract code and the usefulness of code audits in evaluating the legitimacy of decentralized finance (DeFi) projects.

Both Defrost and Rubic Finance, which had also been hacked and had undergone a code audit by CertiK, had centralization issues in their smart contracts.

These issues can compromise the security of a project if a hacker gains access to a shared code block or variable.

CertiK advises investors to conduct their own due diligence, and its reports contain a disclaimer stating that the company does not guarantee the security or functionality of the technology it analyzes.