dForce DeFi Protocol Hacked, $25M in Bitcoin (BTC) and Ethereum (ETH) Stolen


Vladislav Sopov

Today, the worldwide DeFi community witnessed probably its most devastating hack ever. The attack on the dForce protocol (aka Lendf.me) resulted in a $25M total loss.

Contents

A few hours ago, the DeFi Prime explorer reported unusual activity on the dForce multi-purpose protocol. It soon became apparent that the protocol’s funds were drained 100%.


New Hack, Same Tools


According to DeFi Prime, decentralized ecosystem dForce, which offered a ‘stablecoin protocol, liquidity protocol, lending protocol’ lost all of its funds. The total amount exceeded approximately $25M in the USD.



Major DeFi explorers revealed the overall picture of this tragedy. As demonstrated by DeFi Pulse, hackers accessed the enormous sums of Bitcoin (BTC), Ethereum (ETH) and U.S. Dollar Tether (USDT).


Image by DeFi Pulse

Initial investigations carried out by several DeFi and Ethereum (ETH) experts show that this hack may have been caused by a vulnerability of imBTC-ETH interaction, which is required for lending protocols. imBTC is one of the Bitcoin-pegged assets designed in accordance with the ERC-777 standard. This bug made for a number of DeFi attacks possible, including a recent Uniswap hack.


Too Many Red Flags


dForce has already been accused in plagiarizing code for one of the industry-level protocols, Compound. This fact is among the ‘red flags‘ of today’s victim Kain Warwick, Synthetix’s Founder.



It is worth noting that the price of Ethereum (ETH) reached its post-Black Thursday high at $183 on spot exchanges. So, this may even increase the loot for hackers that have already started transferred funds – $6M has already been discovered in the Aave protocol.