fbpx

Hackers Steal $25 Million Worth of Crypto from Chinese dForce

Hackers stole more than $25 million worth of cryptocurrency from leading Chinese decentralized finance protocol dForce this weekend. The attack was done when hackers exploited the vulnerabilities of Ethereum token standard.

The funds were stolen when hackers attacked Lendf.Me, a lending platform that is part of dForce. According to the data of DeFi Pulse, funds on dForce dropped from $25 million to $10.000 overnight. The stolen funds were immediately sent into top DeFi lending protocols Compound and Aave.

The attack came a few days after dForce raised $1.5 million in a seed round led by crypto Multicoin Capital venture capital fund.

A bit earlier this weekend $300.000 worth of cryptocurrency was stolen from Uniswap. A decentralized cryptocurrency exchange allows trading ERC-20 tokens.

Reentrancy attacks used to steal funds

The investigation is currently underway, however, two attacks are most likely related and carried out by the same group or individual.

The similarities between the Uniswap and Lendf.me is that both platforms used imBTC. A token runs on the Ethereum platform and is valued at a 1:1 ratio with the Bitcoin. imBTC token is operated on a decentralized exchange Tokenlon.

It is believed that the attacks targeted a vulnerability inseparable from Ethereum’s (ETH) ERC-777 token standard. ERC-777 is one of the underlying technologies of the Ethereum blockchain meant to support smart contracts. Meanwhile, both Lendf.me and imBTC run as smart contracts on the Ethereum platform.

According to Tokenlon announcement, Uniswap and Lendf.Me experienced “reentrancy attacks”. The kind of attack allows hackers to withdraw funds repeatedly before the original transaction is approved or declined. The funds drained from each platform were transferred into the attacker’s wallets, and then immediately removed to other accounts.

Both Tokenlon and Lendf.Me are temporally paused to prevent further attacks. Tokenlon also suspended its imBTC token and is blocked all new transactions to prevent new attacks against other platforms. Uniswap plans to fix the vulnerability in the nearest future.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed to be financial legal or tax advice. Trading Forex, cryptocurrencies, and CFDs poses a considerable risk of loss

Rate This Article
In order to improve, we give you the opportunity to rate DailyCoin content
Author

DailyCoin is an online media outlet, with a focus to cover blockchain and crypto news, opinions, trends and helpful articles. We focus on delivering fast and objective news about cryptocurrencies and crypto markets with a swirl of passion. Our dedicated and motivated global team is here to deliver the highest quality content. If you want to collaborate with DailyCoin and become our contibutor, please contact us at [email protected]