The Largest DeFi Hack: dForce Engaging with the Attacker For The $25M In Stolen Funds


In the largest decentralized finance (DeFi) hack so far, $25 million were drained from the dForce smart contract.

On April 19, Lendf.Me, the lending protocol in the Multicoin Capital-backed network dForce was attacked. As per the company's report, they became aware of the breach at 9:15 am (UTC+8) and temporarily paused Lendf.Me and USDx.

The hackers exploited a weakness with a mix of using ERC777 tokens and DeFi smart contract to secure the reentry attack. In this attack, 99.9% of dForce’s funds have been lost which also includes the funds of the co-founder himself.

Source: DeFiPulse

Mindao YANG, Founder of dForce and founding partner of Blockpower Capital wrote,

“The callback mechanism enabled the hacker to supply and withdraw ERC777 tokens repeatedly before the balance was updated.”

According to Yang, they have been contacted by the hacker/s and wish to hash this out with them. They have also reached out to exchanges to help find and blacklist the addresses belonging to the hackers.

dForce wasn’t the only one, a day before that, DeFi platform Uniswap was also attacked by a hacker where the attacker exploited the vulnerability to drain the Uniswap liquidity pool of ETH-imBTC (of about $1,278 ETH worth $228k).

Amount loss of various assets in this incident

Part of these stolen funds have already made their way to other DeFi projects like Compound Finance and are being sold for other crypto assets.

Currently, there is an exchange going on between the hacker and dForce. The dForce attacker also sent $126k in PAX back to the project’s admin account with a “better future” memo and dForce has also reached out with their contact email. Victims are also sending $0 transactions to the attacker pleading with them to return their funds.

dForce was also accused of shipping its code from Compound Finance and with this trend continuing to accelerate, it warrants increased focus and funds directed towards their security.

Yet another DeFi hack is raising questions on the resilience of these projects and the DeFi sector, also these so-called “decentralized” projects’ ability to pause their networks. However, Melody He, co-founder, and partner at crypto hedge fund The Spartan Group says,

“The Dao didn’t kill Ethereum, Parity hack didn’t stop Polkadot, this incident will not be hope lost for Defi. But we have to acknowledge Defi is far away from deserving mainstream adoption.”

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide