
The hacker who stole $25 million from dForce got in touch with the creators of the protocol and returned part of the funds

The hacker who withdrew $25 million from the dForce ecosystem has reportedly given law enforcement a chance to pick up his trail. He also tried to contact the protocol's leadership, Cointelegraph reports.

During the attack, the attacker exploited a vulnerability tied to the ERC-777 token standard, which ConsenSys researchers discovered in 2018 during a security audit of the Uniswap decentralized exchange's smart contracts. ERC-777 is considered a more advanced version of ERC-20, but the technology proves more vulnerable when used in decentralized finance (DeFi) systems.

In the case of Lendf.Me, the hacker exploited not only the weaknesses of the imBTC token but also a critical vulnerability in the Lendf.Me smart contracts responsible for updating user balances.

As the analyst writing under the pseudonym Frank Topbottom explained, the attacker repeated the same simple reentrancy attack many times over.

Having first drained the accounts of other platform users, he transferred imBTC tokens to his own account and repeated the same transaction with 0.00000001 imBTC. This let him withdraw the tokens he had deposited earlier while the account's recorded state stayed as it was before.

The hacker withdrew all tokens from Lendf.Me (291 imBTC, about $2 million). He kept up the attack until every asset in the dForce protocol had met the same fate. Using the fake balance as collateral, he obtained almost $25 million in various cryptocurrencies and stablecoins.
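As an added illustration (not dForce or Lendf.Me code; the names HookToken, Pool and run_scenario are assumptions), the toy ledger below reproduces the bug class described above: a sender hook on an ERC-777-style token re-enters withdraw() in the middle of supply(), and the pool then writes back a stale balance, leaving the attacker credited for tokens he already took out. The same ledger with safe=True applies the checks-effects-interactions ordering that closes the hole.

```python
# Toy simulation of a balance-overwrite reentrancy (constructed example).
class HookToken:
    """ERC-777-style token: the sender is notified *before* funds move."""
    def __init__(self, balances):
        self.bal = dict(balances)
        self.hooks = {}  # address -> callable run before that address is debited

    def transfer_from(self, src, dst, amount):
        if src in self.hooks:
            self.hooks[src](amount)  # tokensToSend-style callback, caller-controlled
        assert self.bal[src] >= amount, "insufficient token balance"
        self.bal[src] -= amount
        self.bal[dst] = self.bal.get(dst, 0) + amount


class Pool:
    """Lending-pool ledger; safe=False mirrors the bug described in the article."""
    def __init__(self, token, safe):
        self.token, self.safe, self.deposits = token, safe, {}

    def supply(self, user, amount):
        before = self.deposits.get(user, 0)            # cached balance read
        if self.safe:
            self.deposits[user] = before + amount      # effects first ...
            self.token.transfer_from(user, "pool", amount)  # ... interaction last
        else:
            self.token.transfer_from(user, "pool", amount)  # interaction first:
            self.deposits[user] = before + amount      # stale 'before' overwrites
                                                       # the re-entrant withdrawal

    def withdraw(self, user, amount):
        assert self.deposits.get(user, 0) >= amount, "insufficient deposit"
        self.deposits[user] -= amount
        self.token.transfer_from("pool", user, amount)


def run_scenario(safe):
    """Returns (ledger credit the attacker ends up with, tokens left in the pool)."""
    token = HookToken({"victim": 100, "attacker": 10, "pool": 0})
    pool = Pool(token, safe)
    pool.supply("victim", 100)       # honest user's deposit
    pool.supply("attacker", 5)       # attacker's genuine first deposit
    # Second deposit: the sender hook re-enters withdraw() for the first 5.
    token.hooks["attacker"] = lambda amt: pool.withdraw("attacker", 5)
    pool.supply("attacker", 5)
    del token.hooks["attacker"]
    credited = pool.deposits["attacker"]
    pool.withdraw("attacker", credited)  # cash out whatever the ledger believes
    return credited, token.bal["pool"]
```

With safe=False the attacker is credited 10 after netting only 5 into the pool and walks away with part of the victim's deposit; with safe=True the ledger stays at 5 and the pool still holds the victim's full 100.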

Frank Topbottom recorded which coins the hacker took out and in what amounts. He noted that the attacker sent part of the funds to the rival DeFi protocol Compound.

Somewhat earlier, in a separate and most likely unrelated episode, unknown hackers attacked and drained the imBTC liquidity pool on the decentralized exchange Uniswap using the same ERC-777 attack vector. That is why, describing the Lendf.Me incident, Frank Topbottom speaks of a “second attack.”

Unexpected denouement

Shortly after the attack on dForce, the hacker sent three transactions worth $250,000 in PAX tokens to the decentralized exchanges 1inch.exchange and ParaSwap and to the Lendf.Me administrator account. The last of these he accompanied with the note “A Better Future”.

Such actions can be read as a peace offering, since pax means “peace” in Latin.

After Lendf.Me replied with an e-mail address for communication, the hacker returned the stolen Huobi BTC and Huobi USD stablecoins worth $2.6 million, which he could hardly have converted without revealing his identity.

In response to this gesture, the hacker received a message from the Lendf.Me administrator with the note “Contact us. For the sake of your better future.”

According to a representative of 1inch.exchange, the attacker may have inadvertently disclosed identifying data by contacting the service directly rather than through the distributed file system IPFS.

“He may be a great coder, but as a hacker he is not much,” the publication's source said of the attacker's actions.

All three exchange requests came from the same Chinese IP address. Representatives of the exchange suggested that this was a VPN or proxy server whose owners could be served a subpoena. The hacker used a Mac, revealing his screen resolution and an English-language system setting.

Representatives of 1inch.exchange are convinced that the hacker will return the money in the hope of leniency.

Recall that in February an attacker hit the bZx DeFi platform and withdrew 1,193 ETH from it ($350,000 at the time). The damage from the second bZx attack that followed was already $645,000.

This attack is described in detail in our special material.
