dForce Drained of $25 Million in DeFi Smart Contract Exploit

2020-4-20 23:19

dForce’s money market arm, LendfMe, was drained of $25 million in a known smart contract exploit. The incident comes less than a week after a $1.5 million raise.

Market Eviscerates LendfMe

DeFi is an emerging niche within crypto, making it difficult for projects to implement vulnerability free code. But these difficulties are dramatically more pronounced when a project doesn’t fully understand the code it has deployed.

Uniswap’s imBTC pool was completely drained yesterday, raising the suspicions of on-chain investigators. The attack was done using a known exploit of ERC-777 tokens.

imBTC liquidity fell from $260,000 to $3 in a single day, via Uniswap

Today, LendfMe was emptied after a trader on the protocol managed to deploy a similar attack and drain the pool.

Source: DeFi Pulse

The vulnerability exploited on LendfMe was highlighted by ConsenSys for DEXes such as Uniswap. With ERC-777 token pools, a malicious entity can make constant contract calls to withdraw funds from the liquidity pool’s smart contract.

As a result, withdrawals are done faster than the balance can be updated, allowing an entity to purchase tokens for a steep discount by causing an imbalance to the liquidity pool. This very exploit was used to drain funds from the infamous Ethereum DAO smart contract in 2016.

According to dForce founder Mindao Yang, the hackers have attempted to contact the company and they “intend to enter into discussions with them.”

Recent dForce Investors Take a Hit

Four months ago, Compound accused LendfMe of plagiarizing its copyrighted code. Moreover, these accusations are substantiated. Reportedly, LendfMe didn’t bother to remove evidence of Compound’s license from its codebase on GitHub.

Despite the controversy, the project raised $1.5 million in capital in a financing round led by Multicoin Capital, announced just this week.

The rationale for investment was that dForce could cement its place as a leading player in the Eastern DeFi ecosystem. DeFi, however, is meant to be borderless, and is not restricted by geographic boundaries.

Users in China are not barred from using Compound, which was already three times more liquid than LendfMe before this incident.

dForce does have an edge through access to better channels for direct marketing and user on-boarding in Asia. But once again, it is critical to remind people that users in Asia can already leverage existing DeFi infrastructure.

If a project doesn't have the expertise to develop it's own smart contracts, and instead steals and redeploys somebody else's copyrighted code, it's a sign that they don't have the capacity or intention to consider security.

Hope developers & users learn from the @LendfMe hack.

— 🤖 Leshner (@rleshner) April 19, 2020

Compound doesn’t support ERC-777 tokens yet, and perhaps for good reason. LendfMe’s deployment of stolen code may have contributed to the project’s lack of comprehension regarding complex security issues, leading them to succumb to the recent exploit.

“This attack was my failure. While I did not execute it, I should have anticipated it and taken actions to prevent it. My heart goes out to everyone harmed, and I will do everything in my power to make this right. I sincerely apologize to our users, to our new investors, and to my team for letting them down,” said Yang.

The post dForce Drained of $25 Million in DeFi Smart Contract Exploit appeared first on Crypto Briefing.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

SmartCash (SMART) на Currencies.ru

$ 0.0001196 (+2.62%)
Объем 24H $11
Изменеия 24h: 2.56 %, 7d: -70.49 %
Cегодня L: $0.0001123 - H: $0.000126
Капитализация $169.084k Rank 2369
Цена в час новости $ 0.0023844 (-94.98%)

million contract exploit dforce smart drained market

million contract → Результатов: 126


Bityard Has Now Officially Launched! Register now and earn 258 USDT for Free!

You’ve heard it first here, Bityard, the world’s leading digital contract trading platform, has officially launched. According to industry authoritative sources, Bityard has received a strategic investment from a US hedge fund worth 10 million dollars, creating a precedent in the industry for complex contracts and simple transactions.

2020-4-13 15:28


ASX Exchange Backed Digital Asset Co. Raises $35M To Expand DAML Smart Contract Use Cases

Formerly given as a failing company, marred by the CEO abruptly leaving his position and a follow-through of over 25% of its employees leaving their positions, Digital Asset (DA), a company offering an open-source smart contract language, is back on track after raising $35 million USD in a Series C funding round. The round sees […]

2019-12-11 19:20


Cristiano Ronaldo Pockets Nearly $1 Million Per Paid Instagram Post

Cristiano Ronaldo incurred a substantial pay cut last year when he left Real Madrid for a new challenge with Juventus. Don’t feel too bad for the pride of Portugal, though. Not only does his contract with the Serie A power keep Ronaldo among the highest-paid footballers in the world, but he also enjoys a steady, […] The post Cristiano Ronaldo Pockets Nearly $1 Million Per Paid Instagram Post appeared first on CCN.com

2019-10-23 00:30


Second State raises $3 million to grow its enterprise smart contract platform

Second State raises $3 million to grow its enterprise smart contract platform » CryptoNinjas Second State, a developer of an open-source blockchain smart contract platform for enterprises, announced it has raised $3 million in Series A funding from a number of top venture capitalists and angel investors, led by Susquehanna International Group (SIG).

2019-7-24 20:15


Фото:

Federal judge refuses to dismiss $224M lawsuit against AT&T for SIM-swap bungle

A US federal judge has rejected AT&T‘s request to dismiss a $224 million lawsuit over a devastating SIM-swapping incident that led to $24 million in stolen cryptocurrency. A press release confirms the communications giant will face court over allegations it violated the Federal Communications Act, a consumer contract, as well as several other laws, when hackers assumed the identity (and telephone account) of cryptocurrency investor Michael Terpin in 2017.

2019-7-23 13:05


Ethereum recorded over 1 million transactions owing to smart contract creation, reveals SOOHO report

Technologists including Ethereum’s Vitalik Buterin and Cardano’s Charles Hoskinson have shifted their focus into developing individual ecosystems and improving market adoption. This drive is complimented by these technologists uploading informative videos that trace their company and coins’ future roadmap.

2019-7-2 20:30


Clause Blockchain Contract Project Gets $5.5 Million in Funding Led by DocuSign, Galaxy Digital

There are many interesting blockchain projects that are getting much more attention as the technology becomes more widely used as well as more from them which aids adoption the long-term. One of such projects is Clause, which is a digital contract management startup that has raised $5.5 million in a series A round of funding […]

2019-6-28 22:04


Samaritan developer returns $500,000 worth of Ethereum to rightful owner

Drew Stone, a developer working on Edgeware, returned 2000 ETH ($500,000) to its rightful owner after the funds were mistakenly sent to the wrong smart contract on the Ethereum Mainnet. Almost half a million dollars lost their way on the Ethereum Mainnet The crypto industry has had a reputation problem since its inception, and the […] The post Samaritan developer returns $500,000 worth of Ethereum to rightful owner appeared first on CryptoSlate.

2019-6-6 09:10


Фото:

Bitfinex Faces Legal Action From NY Attorney General: Here’s What This Means

The New York Office of the Attorney General (AG) wants to take a closer look into the business operations of Bitfinex and related stablecoin issuer Tether (USDT). According to a legal petition filed with the Supreme Court of New York, the NY Attorney General Office of Letitia James is applying for a court order to investigate Bitfinex’s suite of interrelated companies (including its umbrella firm iFinex and Tether Holdings Limited) for “ongoing fraud” to the tune of $850 million.

2019-4-27 01:30