dForce Decentralized Protocol Losses $25 Million in Crypto to Hackers
The decentralized ecosystem of protocols dForce has lost $25 million worth of cryptocurrencies in the last 24 hours. This is according to data provided by DeFi Pulse, one of the largest data providers about decentralized finance in the crypto market. The reason behind this massive loss was an attack from hackers.
dForce Losses 100% of Assets Locked
As DeFi Pulse shows, dForce has lost 100% of its assets after experiencing an attack from hackers. The firm has lost $10 in USDT, 1.4 BTC and 55 ETH. As reported by the Chinese media outlet Chain News, Lendf.me informed that it was attacked during China’s morning.
Some users suggest that the attackers leveraged some characteristics of the imBTC implementation of the ERC 777 standards in order to get all the funds. Apparently, the funds in BTC deposited as collateral to get imBTC tokens were withdrawn without affecting the imBTC balance available to the user. In this way they used this manipulated balance to borrow against it, that’s how liquidity disappeared in just a few minutes.
The attack has the same roots of the one that drained the @UniswapProtocol imBTC/ETH pool yesterday. It leveraged the reentrancy surface provided by the imBTC implementation of the ERC 777 standards to drain all the funds. https://t.co/cWA8HFH5E5
— Emilio Frangella (@The3D_) April 19, 2020
At the moment, dForce Foundation CEO Mindao Yang, informed that they are investigating the issue. Moreover, the team behind dForce is requesting users not to deposit funds anymore on lendf.me until the whole situation gets solved.
Furthermore, just yesterday, the imBTC pool on Uniswap was attacked and experienced a massive loss of funds. The attacker used an attack vector on ERC777 tokens on Uniswap. However, BTC in custody was not impacted, according to Tokenlon DEX.
It is cleat that imBTC contracts will now to be reviewed considering they could have a negative effect on users and the funds locked. Smart contracts related to imBTC will have to be re-coded to include protection against these “re-entrancy” attacks.
The decentralized finance market has been expanding over the last years considering many users saw it was a possibility for them to be operating in the financial market without the need of having a bank account. Using cryptocurrencies as collateral it was possible to take loans and get interest on funds deposited on different platforms, among other things.
Of course, Ethereum was expected to continue its expansion with the DeFi market being one of the fastest-growing markets in the industry. However, it will be certainly important for developers to protect users’ funds against these attacks.
Back to the list