A few hours ago, the DeFi Prime explorer reported unusual activity on the dForce multi-purpose protocol. It soon became apparent that the protocol's funds were drained 100%.
New Hack, Same Tools
According to DeFi Prime, decentralized ecosystem dForce, which offered a 'stablecoin protocol, liquidity protocol, lending protocol' lost all of its funds. The total amount exceeded approximately $25M in the USD.
It looks like LendfMe / dForce protocol being drained ? pic.twitter.com/UEqSEpSOfT
— defiprime (@defiprime) April 19, 2020
Major DeFi explorers revealed the overall picture of this tragedy. As demonstrated by DeFi Pulse, hackers accessed the enormous sums of Bitcoin (BTC), Ethereum (ETH) and U.S. Dollar Tether (USDT).
Initial investigations carried out by several DeFi and Ethereum (ETH) experts show that this hack may have been caused by a vulnerability of imBTC-ETH interaction, which is required for lending protocols. imBTC is one of the Bitcoin-pegged assets designed in accordance with the ERC-777 standard. This bug made for a number of DeFi attacks possible, including a recent Uniswap hack.
Too Many Red Flags
dForce has already been accused in plagiarizing code for one of the industry-level protocols, Compound. This fact is among the 'red flags' of today's victim Kain Warwick, Synthetix's Founder.
Hey @LendfMe @dForcenet do you have any comments on this story with the code you had copy-pasted from @compoundfinance ?https://t.co/kvXlekXax5 pic.twitter.com/EuikOsoFhz
— defiprime (@defiprime) January 31, 2020
It is worth noting that the price of Ethereum (ETH) reached its post-Black Thursday high at $183 on spot exchanges. So, this may even increase the loot for hackers that have already started transferred funds - $6M has already been discovered in the Aave protocol.
Yuri Molchan
Arman Shirinyan
Tomiwabold Olajide
