INSUBCONTINENT EXCLUSIVE:
The Chinese decentralized finance (DeFi) protocol dForce has fallen victim to a well-known exploit of an Ethereum token which led to $25m
worth of its customers' cryptocurrency being stolen.As reported by Decrypt, DForce recently announced that it had secured $1.5m in a seed
funding round led by the crypto venture capital fund Multicoin Capital
However, those funds were drained from the contracts of a lending protocol that is part of dForce called Lendf.Me.Lendf.Me is now offline
and all of its smart contracts have been paused
similar attack was recently launched against the decentralized exchange Uniswap to steal over $300,000
The exchange's smart contracts containing an Ethereum-based, tokenized version of Bitcoin run by TokenIon called imBTC were drained
The connection between the two attacks deals with the fact that Lendf.ME integrated imBTC earlier this year.The Uniswap attack leveraged a
known vulnerability in the ERC77 token standard
As a result of the way Uniswap smart contracts are set up, a hacker could continually withdraw ERC77 funds from Uniswap before the balance
updated which could allow them to drain the contracts of imBTC.While the dForce hack is entire separate from the Uniswap hack, it is
believed that the same exploit was used in both attacks
issue.To make matters worse, the CEO of Compound, Robert Leshner claims that Lendf.Me had appropriated its open source code
and instead steals and redeploys somebody else's copyrighted code, it's a sign that they don't have the capacity or intention to
won't be returned anytime soon.Via Decrypt
