5 Hackers Attacked ForceDAO on Launch Day

  • The newly launched DeFi platform lost 183 ETH only hours after it launched its airdrop campaign.
  • One of the five attackers turned out to be a “white-hat” hacker, who assisted the ForceDAO team and prevented further losses.

Decentralized finance (DeFi) protocol ForceDAO was attacked by several hackers on Sunday morning, and the attack drained 183 Ethereum (ETH) from the project, the project said on Twitter on 4 April.

According to the post-mortem of the incident, five hackers were responsible for the attack on ForceDAO, which occurred only hours after the project had launched its airdrop campaign on 3 April. One of the attackers, however, turned out to be a “white-hat” hacker, who assisted the team by alerting them to the exploit before further damage was done to the platform. The ForceDAO team said in a statement:

“We take responsibility for this engineering oversight and have begun processes to ensure any such incidents are mitigated in the future. We also want to thank the White Hat hacker who helped deter further FORCE tokens from being drained. We have a bounty for you.”

The team further explained in the post-mortem that only the xFORCE platform was affected, and that all “funds on our platform are safe”. xFORCE is described as the “interest-bearing” version of FORCE, and is a fork of a SushiSwap smart contract that contains a mechanism to revert tokens when a transaction has failed. The attackers exploited a flaw in the contract used by ForceDAO and were able to mint xFORCE tokens, which were then withdrawn and exchanged for ETH. The team admitted that:

“This could’ve been prevented by using a standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract.”
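The class of bug the statement points at, as an added example that is not ForceDAO's or SushiSwap's code: a vault that ignores the boolean returned by `transferFrom`, next to a version that uses a safeTransferFrom-style wrapper. It assumes a token that reports a failed transfer by returning `false` instead of reverting; all contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal interface; illustrative names, not the project's contracts.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Assumed token behaviour: failure is signalled by returning false, not by reverting.
contract FalseReturningToken is IERC20Like {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; } // test helper only
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) return false;
        balanceOf[from] -= amount;
        allowance[from][msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract StakingVault {
    IERC20Like public immutable token;
    mapping(address => uint256) public shares;

    constructor(IERC20Like _token) { token = _token; }

    // Weak: the return value is ignored, so a failed pull still credits shares.
    function depositUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        shares[msg.sender] += amount;
    }

    // Hardened: nothing is credited unless the token transfer actually succeeded.
    function depositChecked(uint256 amount) external {
        _safeTransferFrom(msg.sender, address(this), amount);
        shares[msg.sender] += amount;
    }

    // Reverts if the call fails or returns false; empty return data is accepted
    // for tokens that return nothing on success.
    function _safeTransferFrom(address from, address to, uint256 amount) private {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20Like.transferFrom.selector, from, to, amount));
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transferFrom failed");
    }
}
```

A unit test that calls each deposit function from an account holding no tokens and asserts that `shares` stays at zero passes for `depositChecked` and fails for `depositUnchecked`, which makes it a useful regression check when forking a vault onto a different token.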

After the team had dealt with the unexpected situation, they decided to transfer 60 million FORCE tokens from the platform’s multi-signature wallet into a deployer wallet. They then used the tokens to create and execute three votes that would “effectively burn the FORCE balances” in three of the hackers’ addresses.

The ForceDAO team is now working with two separate security firms, which are reviewing and analyzing “our repos to ensure all contract systems perform as designed”. They are also working with the relevant authorities on investigating the hack, as some of the addresses originated from the FTX and Binance exchanges.

Shortly after the launch of the project, its native FORCE token had increased in value to around $2.30, but since the incident it has fallen in price by 97% and is now trading for $0.09.
