dForce, a decentralized finance (DeFi) platform, lost $3.65 million in a hacker attack, the second attack on the platform.
The DeFi platform is known for offering trading and lending services to investors on seven different blockchains, including Ethereum, Binance Chain, Optimism, and Avalanche.
The attack was spotted by Twitter user @ZoomerAnon and later confirmed by blockchain security firm PeckShield. The hacker exploited a reentrancy vulnerability present in a smart contract function used by dForce to get oracle prices.
Today’s estimated loss from the @dForcenet hack is ~$3.65 million (with 1,236.65 ETH + 719,437 USX on @arbitrum and 1,037,492 USDC on @optimismFND). Our initial analysis shows that the cause is an oracle price issue. More details to follow! https://t.co/PEzoX1emdp pic.twitter.com/tI9BPcfvWH
— PeckShield Inc. (@peckshield) February 10, 2023
Second hack
Security company PeckShield emphasized that funds were stolen on two networks: Arbitrum and Optimism. According to a tweet from PeckShield, the reported losses involved three different crypto assets, including 1,236.65 ETH and 719,437 USX.
PeckShield also highlighted that about 1,037,492 USDC was stolen on Optimism. Its initial analysis shows that the root cause is an oracle pricing issue. The total loss is about $1.91 million on Arbitrum and $1.73 million on Optimism.
According to another blockchain security company, BlockSec, the main cause of the recent problem is a read-only reentrancy attack involving the Curve pool. BlockSec noted that the price oracle used by the dForce lending protocol can be easily manipulated by attackers.
A reentrancy attack occurs when a hacker exploits a flaw in a smart contract to withdraw funds repeatedly, transferring them to an unauthorized contract.
Once the attacker manipulates the oracle, he can liquidate positions at favorable prices and make a profit.
1/ @dForcenet attacked in both @arbitrum and @optimismFND. The root cause is the known read-only return in the Curve pool. pic.twitter.com/oMCBwspqPl
— BlockSec (@BlockSecTeam) February 10, 2023
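The read-only reentrancy described above, as a simplified Python model added here for illustration. It is not dForce's, Curve's or BlockSec's code; the `Pool` class, its update order, the oracle functions and all numbers are assumptions constructed for the example, which shows a price view reading inflated in the middle of a withdrawal and an oracle that refuses to read while the pool's lock is held.

```python
# Constructed toy model: not the real pool or lending contracts.
class Pool:
    def __init__(self, eth, token, lp_supply):
        self.eth, self.token, self.lp_supply = eth, token, lp_supply
        self.locked = False  # reentrancy lock; protects state-changing calls only

    def virtual_price(self):
        # Read-only view: value backing one LP share. The lock does not cover it.
        return (self.eth + self.token) / self.lp_supply

    def remove_liquidity(self, lp_amount, on_receive_eth):
        if self.locked:
            raise RuntimeError("reentrant call blocked")
        self.locked = True
        share = lp_amount / self.lp_supply
        eth_out, token_out = self.eth * share, self.token * share
        self.lp_supply -= lp_amount   # 1. LP shares burned
        self.eth -= eth_out           # 2. ETH paid out ...
        on_receive_eth()              #    ... which hands control to the receiver
        self.token -= token_out       # 3. token balance updated only afterwards
        self.locked = False

def naive_oracle(pool):
    # Weak: trusts the view even while the pool is mid-operation.
    return pool.virtual_price()

def guarded_oracle(pool):
    # Hardened: a price read during a locked (inconsistent) state is rejected.
    if pool.locked:
        raise RuntimeError("pool mid-operation; price not trustworthy")
    return pool.virtual_price()

def observe_during_withdrawal(oracle):
    """Return the price seen (before, inside the payout callback, after)."""
    pool = Pool(eth=1000.0, token=1000.0, lp_supply=2000.0)  # constructed values
    seen = {}
    def callback():
        try:
            seen["mid"] = oracle(pool)
        except RuntimeError:
            seen["mid"] = None        # read refused
    before = oracle(pool)
    pool.remove_liquidity(1000.0, callback)
    return before, seen["mid"], oracle(pool)

if __name__ == "__main__":
    print("naive  :", observe_during_withdrawal(naive_oracle))
    print("guarded:", observe_during_withdrawal(guarded_oracle))
```

In the model the lock blocks a second state-changing call, but the unguarded view still reports 1.5 instead of 1.0 during the callback, and any protocol that prices collateral from that view at that moment would use the wrong figure.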
Company is requesting a refund
The latest attack raises questions about the security and robustness of DeFi platforms, which are becoming increasingly popular with investors. While dForce has confirmed the attack, it remains to be seen whether affected users will be compensated.
dForce is expected to provide more information on the measures it is taking to protect its users’ funds and patch the vulnerability exploited by the hacker.
When dForce learned of the attack, officials suspended the operation of all smart contracts to prevent the theft of other digital assets. According to platform representatives, as a result of the hacker’s actions, the platform incurred a debt of US$2.3 million, but customers of the service were not affected.
The dForce team sent a message to the hacker in a transaction on the Arbitrum network, saying it had supposedly discovered his IP address and other personal information, and asked him to voluntarily return the stolen coins in exchange for a reward. Otherwise, it said, the information would be passed on to the authorities.
“We have reached out to security company @SlowMist_team and our ecosystem partners to investigate the matter and would like to offer the explorer a reward if the money is returned. Stay tuned for more updates,” dForce said.
wstETH/ETH Curve gauge vaults on Arbitrum & Optimism were exploited a few hours ago and we immediately paused the dForce Vaults – other parts of the protocol remain intact and user funds are SAFE with dForce Lending.
We will come back soon with a detailed report and solutions.
— dForce (@dForcenet) February 10, 2023
The new attack on dForce comes two years after the protocol lost $25 million in a major attack. However, the attacker returned almost all of the stolen money.
While the recent attack stole a smaller amount of money, it is the latest in a long line of attacks targeting the DeFi ecosystem, one of the fastest growing ecosystems in the industry.
According to a report published by TRM Labs, more than $3.7 billion was lost to cryptocurrency hacks in 2022, with more than 80% of that going through DeFi protocols.
Source: Live Coins
Barry Siefert is an accomplished journalist and author at The Nation View. He is known for his expertise in the field of cryptocurrency, and has written extensively on the topic. With a background in finance and economics, Barry has a deep understanding of the underlying technology and market forces that drive the crypto industry.