See More

DForce Attacker Returns All of the $25 Million in Stolen Funds

2 mins
Updated by Kyle Baird
Join our Trading Community on Telegram

In Brief

  • Attacker returns all $25 million in funds that were stolen just a few days ago.
  • A failure to cover tracks led to metadata, including the IP address, being visible.
  • Community calls into question the protocol’s security.
  • promo

The attacker responsible for the $25 million theft from DeFi protocol, dForce, has returned all of the funds. There has been no explanation for the change of heart, but it is suspected that a lack of thoroughness in covering up his tracks led the attacker to return the funds, in order to avoid further investigation.
Chinese DeFi lending platform, dForce, has received all of its roughly $25 million in stolen funds returned. The surprise move is likely because the attacker failed to cover up his or her tracks, with metadata linked to the attacker offering much data about the attacker’s possible identity. The attacker failed to use a decentralized network, using only a VPN. This made the IP address visible, which was linked to the three exchange interactions. It is also known that the attacker used a Mac, as well as the screen resolution and system language setting. With investigations already underway, it is believed that the attacker returned the funds in the hope of leniency. Managing Partner of Dragonfly Capital, Haseeb Qureshi, has called this the “most dramatic bug bounty” he had ever seen. The attack is a blow to dForce, which only a few days earlier received $1.5 million in seed funding led by Multicoin Capital. BeInCrypto requested a comment from dForce, but is yet to receive a response.

$25 Million in 8 Assets Stolen

The attack began on late Saturday and continued into Sunday. The consensus is that the attacker exploited a vulnerability in the ERC-777 protocol, a method similar to the one used in the 2016 Ethereum Decentralized Autonomous Organization (DAO) attack. The attack saw over 99% of dForce’s funds stolen – in assets that include BTC, ETH, USDT, DAI, MKR, and PAX. The attacker focused his efforts on the UniSwap and Lendf.me protocols. The latter’s platform has gone offline, and dForce CEO, Mindao Yang, has asked users to not hold assets on Lendf.me. Following the theft, the attacker moved funds into DeFi platforms Compound and Aave. In a tweet, Compound CEO, Robert Leshner, criticised Lendf.me for redeploying its code and hoped that a lesson would be learned from the hack.

DeFi Experiencing a Test of Resolve

The Decentralized Finance (DeFi) space has seen tremendous growth in the past year, at its peak holding over $1 billion in locked funds. However, recent transpirings have largely been negative, with several entities in the space having experienced thefts. The bZx protocol saw roughly $1 million stolen in February, with that being an “oracle manipulation attack.” The bZx team’s decision to suspend the network then drew criticism for being centralized. These attacks and the subsequent responses have tempered some of the buoyant optimism that has accompanied DeFi’s growth. Almost halving in value since the start of 2020, the DeFi market is now holding above its 2020 low, sitting at $736 million in locked Ether at the time of publishing. The community itself has called for better security, saying that the forking of an open source protocol – Compound says that dForce stole its code – only highlights the priority of securing code.
Top crypto platforms in the US | March 2024
Coinbase Coinbase Explore →
AlgosOne AlgosOne Explore →
Chain GPT Chain GPT Explore →
iTrustCapital iTrustCapital Explore →

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Rahul-Nambiampurath.jpg
Rahul Nambiampurath
Rahul Nambiampurath's cryptocurrency journey first began in 2014 when he stumbled upon Satoshi's Bitcoin whitepaper. With a bachelor's degree in Commerce and an MBA in Finance from Sikkim Manipal University, he was among the few that first recognized the sheer untapped potential of decentralized technologies. Since then, he has helped DeFi platforms like Balancer and Sidus Heroes — a web3 metaverse — as well as CEXs like Bitso (Mexico's biggest) and Overbit to reach new heights with his...
READ FULL BIO
Sponsored
Sponsored