Over the weekend, there was a hack of the dForce DeFi protocol where the ETH DeFi hacker netted $25 million worth of crypto. However, in a turn of events, the attacker returned the stolen funds and some believe it was because of poor hacking practice that exposed his identity but let’s read more in the Ethereum news today.
The attack on dForce resulted in losing $25 million worth of ETH and other stablecoins. More specifically the attack targeted Lendf.Me which is an open-source market protocol, a part of the dForce network. dForce operates two protocols and one of them is USDx. This one is a meta-stablecoin that is pegged to a basket of stablecoins such as PAX, TUSD, and USDC.
Like most of the DeFi protocols, Lendf.Me operates by simply matching the supply and borrowing ETH-based ERC-20 tokens. it allows the users to deposit ERC20 stablecoins to earn interest or to borrow supported assets using crypto as collateral. The attack gained $10 million of ETH, $4.4 million Bitcoin and $10 million in other stabelcoins.
According to the blockchain security researchers, PeckShield was the attacked that exploited the bug in the lending function which approved the release of funds in collateral exchange for the imBTC token that is pegged to Bitcoin and Ethereum:
“the deposit function, i.e., supply() in Lendf.Me is hooked by embedding an additional withdraw() operation, leading to the effect of increasing the internal record of the attacker’s imBTC collateral amount without actually depositing the amount.”
The CEO of the DeFi protocol Compount, Robert Leshner, launched a scathing attack on DForce and accused it of stealing the code. Earlier this morning, the ETH DeFi hacker returned all of the funds but it seems that the stabelcoins were exchanged for other crypto assets before returning. The Director of Research at The Block, Larry Cermak, explained some critical oversights that were made by the attacker during the laundering process.
While moving the stolen ETH and other assets to exchanges, the hacker used a VPN but most hackers would facilitate the transfer using a decentralized network such as Tor. The leaked metadata such as the IP address also left a trace to his identity from the server operator.
buy amitriptyline generic buy amitriptyline online no prescription
Sergej Kunz, the CEO of 1inch exchange which was used to launder the stolen funds, was willing to explain the issue:
“He seems to be a good programmer, but an inexperienced hacker.”
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at editor@dcforecasts.com
Discussion about this post