5
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
The Chinese decentralized finance (DeFi) protocol dForce has fallen victim to a well-known exploit of an Ethereum token which led to $25m worth of its customers' cryptocurrency being stolen.As reported by Decrypt, DForce recently announced that it had secured $1.5m in a seed funding round led by the crypto venture capital fund Multicoin Capital.
However, those funds were drained from the contracts of a lending protocol that is part of dForce called Lendf.Me.Lendf.Me is now offline and all of its smart contracts have been paused.
However, the hackers did return $126.014 of the stolen funds back to the lending platform with a note, which read Better luck next time.A similar attack was recently launched against the decentralized exchange Uniswap to steal over $300,000.
The exchange's smart contracts containing an Ethereum-based, tokenized version of Bitcoin run by TokenIon called imBTC were drained.
The connection between the two attacks deals with the fact that Lendf.ME integrated imBTC earlier this year.The Uniswap attack leveraged a known vulnerability in the ERC77 token standard.
As a result of the way Uniswap smart contracts are set up, a hacker could continually withdraw ERC77 funds from Uniswap before the balance updated which could allow them to drain the contracts of imBTC.While the dForce hack is entire separate from the Uniswap hack, it is believed that the same exploit was used in both attacks.
The vulnerability is not new and the firm ConsenSys conducted an extensive audit of Uniswap 16 months ago, concluding that it was a major issue.To make matters worse, the CEO of Compound, Robert Leshner claims that Lendf.Me had appropriated its open source code.
In a tweet, Leshner called out Lendf.Me's security, saying: If a project doesn't have the expertise to develop its own smart contracts, and instead steals and redeploys somebody else's copyrighted code, it's a sign that they don't have the capacity or intention to consider security.As of now, dForce has not discussed the hack on its social media channels and it looks like the rest of the stolen funds won't be returned anytime soon.Via Decrypt
