Hackers Steal $25 Million Worth of Crypto from Chinese dForce

The same attack was used to draw funds from Uniswap crypto exchange.

Hackers stole more than $25 million worth of cryptocurrency from leading Chinese decentralized finance protocol dForce this weekend. The attack was done when hackers exploited the vulnerabilities of Ethereum token standard.

The funds were stolen when hackers attacked Lendf.Me, a lending platform that is part of dForce. According to the data of DeFi Pulse, funds on dForce dropped from $25 million to $10.000 overnight. The stolen funds were immediately sent into top DeFi lending protocols Compound and Aave.

The attack came a few days after dForce raised $1.5 million in a seed round led by crypto Multicoin Capital venture capital fund.

A bit earlier this weekend $300.000 worth of cryptocurrency was stolen from Uniswap. A decentralized cryptocurrency exchange allows trading ERC-20 tokens.

Reentrancy attacks used to steal funds

The investigation is currently underway, however, two attacks are most likely related and carried out by the same group or individual.

The similarities between the Uniswap and Lendf.me is that both platforms used imBTC. A token runs on the Ethereum platform and is valued at a 1:1 ratio with the Bitcoin. imBTC token is operated on a decentralized exchange Tokenlon.

It is believed that the attacks targeted a vulnerability inseparable from Ethereum’s (ETH) ERC-777 token standard. ERC-777 is one of the underlying technologies of the Ethereum blockchain meant to support smart contracts. Meanwhile, both Lendf.me and imBTC run as smart contracts on the Ethereum platform.

According to Tokenlon announcement, Uniswap and Lendf.Me experienced “reentrancy attacks”. The kind of attack allows hackers to withdraw funds repeatedly before the original transaction is approved or declined. The funds drained from each platform were transferred into the attacker’s wallets, and then immediately removed to other accounts.

Both Tokenlon and Lendf.Me are temporally paused to prevent further attacks. Tokenlon also suspended its imBTC token and is blocked all new transactions to prevent new attacks against other platforms. Uniswap plans to fix the vulnerability in the nearest future.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia