On Apr. 19, 2020, dForce’s money market arm, LendfMe, was drained of all its liquidity after a known vulnerability was exploited. After being blacklisted from centralized registries, the hacker has returned just under $22 million in assets to LendfMe.

In the last few hours, the hacker who exploited a vulnerability in LendfMe’s ERC-777 pool has started to return stolen funds through various tokens. 

At 5:15 AM UTC, the hacker sent a transaction worth 0 ETH to LendfMe’s admin address with the message “email,” which presumably informed them that the hacker was willing to compromise and return assets.

Almost $20 million has been returned to LendfMe within the last day. Over $10 million in ETH, $10 million in stablecoins, and $1.9 million in other ERC-20 tokens were sent at 5:30 AM UTC.

It is unknown whether the dForce hacker had a sudden change of heart, following several despondent messages from exploited individuals, or if they were simply unable to sell their loot.

People are now sending $0 transactions to the attacker with memos pleading with him to return the funds.

dForce also dropped a contact email. pic.twitter.com/OTU4MfXSwi

— Haseeb Qureshi (@hosseeb) April 19, 2020

A handful of assets would have been impossible for the hacker to offload. 

imBTC is an ERC-777 token, meaning it has a central registry controlled by the operator, Tokenlon DEX. Owing to this centralized registry, the stolen tokens can be blacklisted, deeming them unredeemable and effectively useless. 

HuobiBTC is an ERC-20 token that represents a claim on BTC. This is also operated by Huobi and only redeemable on their platform.

Centralized exchanges tend to blacklist addresses associated with hacks almost immediately, which means the exploiter would find it difficult to redeem Huobi BTC as well.

The rest of the tokens, such as DAI, ETH, KNC, BAT, and others, could have been kept by the hacker as Uniswap and other DeFi protocols don’t blacklist addresses.

The potential outcome could be a truce between the dForce hacker and LendfMe, whereby the latter returns the stolen assets and receives a bounty of sorts. 

The post The dForce Hacker Is Returning Stolen Funds appeared first on Crypto Briefing.

Similar to Notcoin - TapSwap on Solana Airdrops In 2024

origin »

268 +