Cryptocurrency
DeFi
Exchanges
Stablecoins
NFTs
Wallets
Bitcoin
Ethereum
Tokens
ICOs
IEOs
Technology
Crypto
Banking
Supply Chain
Security
Healthcare
Mining
AI
Advertising
Gaming
Retail
Education
Analytics
Hosting
Business
Partnerships
Investments
Adoption
Acquisitions
Conferences
IPOs
Legal
Lawsuits
Patents
Politics
Fraud
Research
Guides
Opinion
Cryptocurrency
Technology
Business
Legal
Politics
Fraud
Research
Guides
Opinion
The Chain Bulletin logo

dForce Refunds Users After $25 Million Hack

  • The attack, which took place on 29 April, exploited a known vulnerability in the ERC-777 token standard.
  • Two days after the hack, the attacker returned the stolen digital assets, after accidentally revealing his identity during a transfer.
by Krasimir Buchvarov April 28, 2020, 10:58 PM

Cryptocurrency lending platform dForce, which was hacked last week, has returned all of the stolen digital assets to its affected users, the firm said in a Tweet on 27 April.

According to the announcement:

“Over 90% of assets have been distributed to users in less than 24 hours. 100% users have been made whole in the recovery”.

The refund follows closely after the “Asset Redistribution Plan” the company released om Sunday.

The attack, which saw $25 million worth of cryptocurrency stolen from the platform, was carried out on 19 April. The hacker took around three hours to withdraw around 99.5 percent of the locked funds using a known vulnerability in the ERC-777 token standard, called reentrancy attack. The attacker used the imBTC stablecoin as a Trojan horse for the attack, and exploited a crucial flaw in the Lendf.me contracts and how they update the user’s balance.

On April 21, two days after the hack, all funds were returned to dForce after the attacker accidentally revealed his identity during a transfer. At the time dForce CEO, Mindao Yang, said in a blog post:

“It’s with great relief that I report that nearly all of the stolen funds have been recaptured through the efforts collaboratively made by our partners, law enforcement, investors, the community, and our team members.”

On 14 April, the dForce Foundation completed a $1.5 million seed round led by Multicoin Capital, and joined by Huobi Capital and CMB International. The company is allegedly planning to use the newly acquired funds to grow its team, and launch new DeFi products in 2020.

Discussion
Related Coverage
The TVL of dForce’s Lending Protocol Has Grown 84% in a Week
  • Since the launch of dForce Lending, dForce’s TVL increased by over 84%.
  • The lending protocol is set to see new features in the following months.
March 9, 2021, 4:24 PM
Businessman looking up at growing lines

Shutterstock

Bitgrail’s Founder Responsible for Hacks, Italian Police Allege
  • Italy’s Postal and Communications Police has accused Francesco Firano, the founder of the exchange, of fraud related to the hacks on the exchange in 2018.
  • During its investigation, the police found Firano had transferred 230 BTC to his personal account three days before reporting the hacks.
Chainalysis: More Successful Hacks in 2019, Compared to 2018, Less Money Stolen Overall
  • While exchanges are doing a better job with security best practices, hackers are also moving to more sophisticated attacks.
  • CoinJoin and obfuscation services are still not popular with hackers, most of the stolen money goes directly into other exchanges.