DForce hacked: DeFi protocol loses $25 M in Bitcoin and Ethereum

Leading Chinese DeFi protocol dForce fell victim to a hack and nearly 25 million dollars. The dForce hack caused the protocol to lose nearly 99.95 percent of all locked funds to the attackers. The hack has also caused its Lendf.Me lending platform to go offline.

DForce hack

According to the DeFi (decentralized finance) data aggregator DeFi Pulse, the total value of locked funds under dForce’s protocol has decreased from nearly 25 million dollars to just 10,000 dollars overnight. 

The platform’s CEO confirmed the dForce hack on Telegram and announced that the platform was breached on April 19 during block height 9.989.681. He stated that the platform’s managing team is currently investigating the breach and requested all users to avoid placing any assets on the Lendf.Me platform.

Reportedly, the attack exploited a vulnerability inherent to Ethereum’s ERC-777 token standard.

The same vulnerability was used to steal over 300,000 dollars of wrapped Bitcoin from smart contracts from Uniswap decentralized exchange (DEX). Uniswap is a DEX containing imBTC, an ERC-777 based tokenized BTC that is operated by Tokenlon. In response to the attack, Tokenlon reported that all BTC stored in custody was safe while they had temporarily disabled imBTC transfers.

DForce integrated support for imBTC on its platform in January, leading to speculation that it may have been used to exploit dForce.

The hack took place less than a week after venture capital firm, Multicoin Capital announced that it had led the protocol’s seed round that raised 1.5 million dollars of funding. 

Multicoin Capital principal, Mable Jiang, stated that dForce was building DeFi’s first super network of decentralized protocols and compared it to the likes of Asian super-apps such as WeChat and Alipay.

Featured image by pixabay.

About the author