The DeFi (decentralized finance) industry has suffered another blow, a reminder that DeFi is still very much in uncharted waters.
Chinese DeFi protocol dForce fell victim to a hack and lost nearly 25 million dollars (99.95% of all locked funds) to the attackers.
The hack has also caused dForce’s Lendf.Me lending platform to go offline. The known reentrancy vulnerability allows a hacker to hijack a transaction and sell the same batch of tokens multiple times. Some ETH 1,278 (USD 232,000) were stolen in the first attack, and USD 25.2 million in the second.
DForce’s devastating attack comes less than one week after crypto venture capital firm, Multicoin Capital, announced it had led the DeFi protocol’s $1.5 million seed round.
Multicoin Capital principal, Mable Jiang, stated that dForce was building DeFi’s first super network of decentralized protocols and compared it to the likes of Asian super-apps such as WeChat and Alipay.
Since its launch in September 2019, dForce’s Lendf.Me had grown to comprise the seventh-largest DeFi protocol by locked assets prior to the attack.
Mindao Yang, the CEO of dForce, confirmed the attack on the project’s Telegram channel, announcing that it was attacked at 8:45 am on April 19 during block height 9.989.681.
He stated that the dForce team is currently investigating the attack, and requested that users not place any assets on the Lendf.Me platform.
The same exploit was used to steal over 300,000 dollars of wrapped Bitcoin from smart contracts on the Uniswap decentralized exchange (DEX). Uniswap is a DEX containing imBTC, an ERC-777-based tokenized BTC that is operated by Tokenlon.
DForce integrated support for imBTC lending on the Lendf.Me platform in January, leading to speculation that it may also have been used to exploit dForce.
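The reentrancy class mentioned above, shown as a toy Python model beside the state-before-transfer ordering that closes it. This is an added example, not Lendf.Me, imBTC or Uniswap code; every class and function name is hypothetical, and the recipient callback only approximates an ERC-777-style hook.

```python
# Constructed toy model; all names are hypothetical, not Lendf.Me or imBTC code.
class HookToken:
    """Token that calls back into the recipient on transfer (ERC-777-style hook)."""
    def __init__(self):
        self.balances = {}
    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        hook = getattr(dst, "on_tokens_received", None)
        if hook:
            hook(amount)  # control leaves the token before the caller finishes

class Pool:
    def __init__(self, token, effects_first):
        self.token, self.effects_first, self.credit = token, effects_first, {}
    def deposit(self, user, amount):
        self.token.transfer(user, self, amount)
        self.credit[user] = self.credit.get(user, 0) + amount
    def withdraw(self, user):
        amount = self.credit.get(user, 0)
        if amount == 0:
            return
        if self.effects_first:
            self.credit[user] = 0                     # update state, then pay
            self.token.transfer(self, user, amount)
        else:
            self.token.transfer(self, user, amount)   # pay while credit is stale
            self.credit[user] = 0

class CallbackAccount:
    """Recipient whose hook calls withdraw() again, up to `depth` times."""
    def __init__(self, pool, depth=3):
        self.pool, self.depth = pool, depth
    def on_tokens_received(self, amount):
        if self.depth > 0:
            self.depth -= 1
            self.pool.withdraw(self)

def run(effects_first):
    """Return (pool token balance, account token balance) after one withdraw."""
    token = HookToken()
    pool = Pool(token, effects_first)
    acct = CallbackAccount(pool)
    token.balances.update({"other_depositor": 100, acct: 10})  # constructed data
    pool.deposit("other_depositor", 100)
    pool.deposit(acct, 10)
    pool.withdraw(acct)
    return token.balances[pool], token.balances[acct]
```

With the stale ordering the pool ends up holding less than it still owes the other depositor; with the credit zeroed before the transfer, the nested calls find nothing to withdraw.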