DForce's DeFi Protocol Loses Over $ 25 Million as a result of Hacker Attack
Date of publication: 20 April 2020
The next weekend was marked by an attack on the cryptocurrency service. The decentralized finance protocol (DeFi) dForce lost almost all of its assets as a result of intruder interference.
According to DeFi Pulse, on April 17, the balance on dForce wallets amounted to $ 25.38 million, but by April 19 it had fallen to $ 10,000. It is not known whether all the money was withdrawn by intruders or some of them were collected.
The attack was carried out through Lendf.Me's open-ended short-term capital market protocol. “Lendf.me confirmed the attack at 08:45 Beijing time on Sunday at block 9899681,” writes the Chinese newspaper Chain News, citing representatives of the project.
According to observers, the attack used the ERC777 token imBTC, which reflects the value of bitcoin in the Ethereum blockchain. His support at Lendf.Me was added in January. Lendf.Me is currently unavailable. Previously, it displayed a message urging users not to transfer assets to its addresses.
Robert Leshner, CEO of the popular DeFi project Compound, accused dForce of “copying the original version of their code base without changes”. “If a project does not have the skills to develop its own smart contract and instead steals and restarts someone else’s copyrighted code, this is a sign of an inability or lack of desire to take care of security,” he wrote.
On April 18, Tokenlon DEX developers also reported an attack on the imBTC pool of the Uniswap protocol, the losses from which amounted to about $ 300,000. “The hacker took advantage of the attack vector against ERC777 tokens on Uniswap. The BTC repository is not affected, ”they said.
The ERC777 format allows you to repeatedly apply to a smart contract to withdraw funds located in it, which simplifies the task of an attacker. According to Tokenlon, this algorithm was used in both attacks. A similar method was used during the sensational attack on The DAO in 2016, when hackers appropriated about $ 60 million in ETH.
A few days ago, the dForce Foundation announced the receipt of $ 1.5 million in strategic financing from Multicoin Capital, Huobi Capital and China Merchants Bank International (CMBI), an investment unit of one of China's largest banks. It was assumed that this money will go to expand the staff and launch new products.
Pi Capital Union