
ForceDAO Exploited for $367K After Launch Due to "Engineering Oversight" | Finance Magnates


www.financemagnates.com 05 April 2021 06:20, UTC
  

ForceDAO, a newly launched DeFi aggregator, seems to have gotten off on the wrong foot. Hours after it launched, several malicious hackers managed to drain 183 ETH, worth roughly $367,000, from the platform. A “white hat” hacker alerted the team and helped to prevent further losses.

In a post-mortem report of the attack, ForceDAO has explained that the hackers were able to abscond with the funds due to an “engineering oversight.” According to CoinTelegraph, the ForceDAO team also made the decision to transfer 60 million FORCE tokens from the platform’s treasury wallet into a “deployer” wallet. This will begin the process of burning the balance of FORCE tokens that have been moved to the hacker’s wallet addresses.


POST-MORTEM

To the Force and DeFi community, we'd like to share a post-mortem on the recent xFORCE exploit.

Thanks to everyone technical and non-technical who helped along the way.

Especially to the White Hat who helped deter FORCE getting drained. https://t.co/MK2GH69yLd

— Force (@force_dao) April 4, 2021

The platform also clarified in the post-mortem that “all funds on our platform are safe, only xFORCE was affected.”

What happened?

According to the post-mortem, the hackers exploited a fork of a SushiSwap smart contract. The smart contract contained a mechanism that could revert tokens that were used in failed transactions. Hackers exploited a flaw in this contract that essentially allowed them to mint xFORCE tokens, which were then withdrawn and exchanged for ETH.

The ForceDAO team has acknowledged that the exploitation was preventable: “This could’ve been prevented by using a standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract,” the team said.
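The kind of check the team's stated fix refers to, as an added Solidity sketch that is not ForceDAO's or SushiSwap's code: a staking contract that ignores the token's `transferFrom` result beside one that routes the call through a `safeTransferFrom`-style wrapper. It assumes a token that signals failure by returning `false` rather than reverting; every contract and function name here is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not the deployed contracts.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

contract StakingBarSketch {
    IERC20Like public immutable token;          // staked asset
    uint256 public totalShares;                 // receipt tokens outstanding
    mapping(address => uint256) public shares;

    constructor(IERC20Like token_) { token = token_; }

    // Weak pattern: the boolean result is discarded. If the token returns
    // false instead of reverting, shares are credited for tokens that never arrived.
    function enterUnchecked(uint256 amount) external {
        uint256 minted = _sharesFor(amount);
        token.transferFrom(msg.sender, address(this), amount); // result ignored
        _mint(msg.sender, minted);
    }

    // Hardened pattern: the wrapper reverts on any failure, so no shares are minted.
    function enterChecked(uint256 amount) external {
        uint256 minted = _sharesFor(amount);
        _safeTransferFrom(msg.sender, address(this), amount);
        _mint(msg.sender, minted);
    }

    function _safeTransferFrom(address from, address to, uint256 amount) private {
        require(address(token).code.length > 0, "token: not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20Like.transferFrom.selector, from, to, amount)
        );
        // Accept only: call succeeded AND (no return data OR it decodes to true).
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "token: transferFrom failed");
    }

    function _sharesFor(uint256 amount) private view returns (uint256) {
        uint256 pool = token.balanceOf(address(this));
        return (totalShares == 0 || pool == 0) ? amount : amount * totalShares / pool;
    }

    function _mint(address to, uint256 amount) private {
        totalShares += amount;
        shares[to] += amount;
    }
}
```

The wrapper also tolerates tokens that return no data at all, which is why it inspects the raw return bytes instead of relying on the interface's `bool`.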

The team also noted that some of the addresses that allegedly belong to hackers originate from two popular cryptocurrency exchanges: FTX and Binance. The ForceDAO team wrote that “we’re currently engaged with 2 separate security firms to review and analyze our repos to ensure all contract systems perform as designed.”

As a result of the drama surrounding the launch, FORCE token prices have dropped significantly. CoinTelegraph reported that “following the launch and airdrop, FORCE token prices surged to over $2 on Apr. 4, but have since crashed over 95% to $0.05” as of 8am GMT on April 5th. At press time, the price of FORCE was roughly $0.07.

