The weekend saw an exploit of the dForce DeFi protocol which netted hackers $25 million worth of crypto. This consisted mostly of Ethereum and stablecoins, with Bitcoin bringing up the tail end of assets stolen.
But in a stunning turn of events, the attacker has since returned the stolen funds. Observers believe this was due to poor hacking practice that left his identity exposed.
The dForce attacker has started returning a significant amount of the stolen funds back to the team. Yesterday, he returned $2.79 million. Today, he returned $10.95 million so far. That means the attacker has so far returned $13.74 million or 55% of the total. This is fascinating pic.twitter.com/bRJPnEyLn0
— Larry Cermak (@lawmaster) April 21, 2020
Mostly Ethereum Stolen in dForce Attack
On Saturday night there was an attack of the Lendf.Me open-source market protocol, which is part of the dForce network of DeFi protocols.
dForce currently operates two protocols, the other one being USDx. This is a meta-stablecoin that is pegged against a basket of regulated stablecoins in USDC, PAX, and TUSD.
Like the crop of most DeFi protocols at present, Lendf.Me operates by matching the supply and borrowing of Ethereum-based ERC20 tokens. It allows users to deposit ERC20 stablecoins to earn interest or borrow supported assets using crypto as collateral.
The attack netted $10 million of Ethereum, $4.4 million Bitcoin, with the $10.4 million balance consisting of various stablecoins.
According to blockchain security researchers, PeckShield, the attacker exploited a bug in the lending function that approved the release of funds in collateral exchange for imBTC, a token which pegs Bitcoin and Ethereum.
“the deposit function, i.e.,
Lendf.Meis hooked by embedding an additional
withdraw()operation, leading to the effect of increasing the internal record of the attacker’s imBTC collateral amount without actually depositing the amount.”