
Uniswap: an attack on DeFi

en.cryptonomist.ch, 20 April 2020 16:00 UTC

A serious attack on the Uniswap Decentralized Finance (DeFi) platform, and in particular against an imBTC pool, has taken place in recent hours, as reported by Julien Bouteloup.

imBTC @tokenlon pool on @Uniswap has been attacked & drained🔥

Simple attack vector on ERC777 (with arbitrary code execution during transfer fct) on Uniswap to steal >$300k (#ETH+#BTC)

The vulnerability was described 16mths ago: https://t.co/a3AiJyY969 https://t.co/MKC2jNP1Y4 pic.twitter.com/cXOVu6le3P

— Julien Bouteloup (@bneiluj) April 18, 2020

As stated, the attack involved the pool of imBTC, a token that replicates the value of Bitcoin (BTC) on Ethereum. The hackers thus stole more than 300 thousand dollars in the form of imBTC and Ethereum (ETH), by means of a simple attack using ERC777 tokens.

On this GitHub page, the attack is explained from a technical point of view. Since the document had been public for over a year, the problem had been known for a long time and so, in theory, work was already being done to solve the issue, even if in vain.

And so, it was certainly a foreseeable attack.
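To illustrate the class of bug the tweet refers to (a token transfer that runs sender-controlled code in the middle of a swap), here is an added Python toy model; it is not code from the article, Uniswap or imBTC. The pool's order of operations, the class names and the reserve figures are assumptions made for the example, which compares an unguarded pool with one protected by a reentrancy lock.

```python
class HookToken:
    """Constructed toy token (not imBTC code): transfer runs a sender hook first, ERC777-style."""
    def __init__(self):
        self.balances = {}
    def transfer_from(self, sender, recipient, amount):
        sender.tokens_to_send(amount)  # sender-controlled code runs here
        self.balances[sender] -= amount
        self.balances[recipient] += amount

class Pool:
    """Assumed pool: prices from live reserves, pays out, then pulls tokens."""
    def __init__(self, token, eth, tokens, guarded):
        self.token, self.eth, self.guarded, self.locked = token, eth, guarded, False
        token.balances[self] = tokens
    def sell_tokens(self, seller, amount):
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call rejected")
        self.locked = True
        try:
            reserve = self.token.balances[self]
            eth_out = amount * self.eth // (reserve + amount)  # constant product, no fee
            self.eth -= eth_out
            seller.eth += eth_out
            # External call: the token reserve is stale while the hook runs.
            self.token.transfer_from(seller, self, amount)
        finally:
            self.locked = False

class Seller:
    """Hypothetical counterparty; with reenter=True its hook calls back into the pool."""
    def __init__(self, pool, reenter):
        self.pool, self.reenter, self.eth = pool, reenter, 0
    def tokens_to_send(self, amount):
        if self.reenter:
            self.reenter = False  # re-enter the pool once, mid-transfer
            self.pool.sell_tokens(self, amount)

def run(guarded, reenter):
    """Two 100-token sells; returns (seller ETH, pool eth*token product)."""
    token = HookToken()
    pool = Pool(token, eth=1000, tokens=1000, guarded=guarded)
    seller = Seller(pool, reenter)
    token.balances[seller] = 200
    try:
        pool.sell_tokens(seller, 100)
        if not reenter:
            pool.sell_tokens(seller, 100)
    except RuntimeError:
        return "rejected"  # on-chain the whole transaction would revert
    return seller.eth, pool.eth * token.balances[pool]
```

In this model the unguarded re-entrant run pays out 172 ETH against 165 for two ordinary swaps and leaves the pool's reserve product below its starting 1,000,000, while the guarded pool rejects the nested call.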

Not the first attack on DeFi and not the last one either.

Unfortunately, this is not the first attack on a service dedicated to decentralized finance: we can recall the double attack suffered by bZx a few weeks ago, as a result of which the platform lost millions in funds.

It is quite normal for DeFi, like all emerging technologies, to have problems: the sector is in its infancy, so it is not yet perfect or resistant to external attacks. A similar problem had also happened to MakerDAO, an industry leader with over $400 million locked, which a month ago had to save the protocol from a big bug, also introducing USDC as collateral to tackle the problem.

Moreover, after this first attack on the pool, the criminals tried to hit the dForce protocol, causing the loss of $25 million through the Lend platform.
