- Ethereum-based protocol, dForce, contacts hacker who stole $25 million and begins negotiating the return of the funds.
- The hacker started to return some of the stolen funds.
- dForce CEO confirms that the attack took advantage of a vulnerability arising from the ERC-777 token standard used by the imBTC token.
In the last 48 hours there have been a series of unusual events surrounding the theft of $25 million from the Ethereum-based protocol dForce. The protocol is, in fact, an ecosystem of protocols including Lendf.Me and USDx. The team behind the first of these protocols confirmed that on Sunday the 19th, at block height 9899681, it was the victim of an attack.
First contact with hacker and start of negotiations
dForce CEO Mindao Yang also confirmed the attack in a recent post. Yang claims that the attack was detected on that date at around 9:15 am (UTC+8) through his internal monitoring system. After detecting the attack, the protocols (Lendf.Me and USDx) were paused. However, the action came too late. The hacker stole approximately $25 million in Ethereum, Bitcoin, Tether and other cryptocurrencies.
The dForce team continues to investigate, but Yang says his research confirms that the hacker took advantage of:
a vulnerability with the combination of using ERC777 tokens and DeFi smart contracts to execute a reentrancy attack. The callback mechanism enabled the hacker to supply and withdraw ERC777 tokens repeatedly before the balance was updated.
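To make the mechanism in Yang's description concrete, here is an added Solidity example (not dForce's or Lendf.Me's code) of a hypothetical lending pool written the vulnerable way beside a hardened version; the contract names, the minimal IToken interface and the `locked` mutex are assumptions made for the illustration.

```solidity
pragma solidity ^0.8.0;
// Minimal token surface. An ERC-777 token additionally invokes the sender's
// tokensToSend hook from inside transferFrom; that hook is the callback at issue.
interface IToken {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}
// Hypothetical pool with the vulnerable pattern: the new balance is computed from
// stale state, an external call that can re-enter is made, and only then is the
// precomputed value written, so a withdraw() run during the callback is undone.
contract VulnerablePool {
    IToken public immutable token;
    mapping(address => uint256) public balances;
    constructor(IToken t) { token = t; }
    function supply(uint256 amount) external {
        uint256 newBalance = balances[msg.sender] + amount;    // read before the call
        token.transferFrom(msg.sender, address(this), amount); // ERC-777 hook fires here
        balances[msg.sender] = newBalance;                     // overwrites re-entrant withdraw
    }
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        token.transfer(msg.sender, amount);
    }
}

// Hardened form: checks-effects-interactions (state updated before any external
// call) plus a mutex so no token hook can re-enter supply() or withdraw().
contract HardenedPool {
    IToken public immutable token;
    mapping(address => uint256) public balances;
    bool private locked;
    constructor(IToken t) { token = t; }
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }
    function supply(uint256 amount) external nonReentrant {
        balances[msg.sender] += amount;                        // effect first
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }
    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;                        // effect first
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Pausing the affected markets, as the dForce team did, contains an incident in progress, but only the effects-first ordering and the guard remove the window the callback exploits.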
In his post, Yang claimed that they have begun to negotiate with the hacker or the people behind the attack. Yang claimed:
We are doing everything in our power to contain the situation. We have contacted law enforcement in several jurisdictions, reached out to asset issuers and exchanges to track down and blacklist the hacker(s)’s addresses, and engaged our legal teams.
Other users sent messages to the hacker. Haseeb Qureshi, managing partner at Dragonfly Capital, reported on these messages and on the hacker’s financial activities. According to Qureshi, after the robbery the hacker invested some of the stolen funds in the Compound protocol. In addition, the hacker sent $126,000 in the PAX token to the dForce account with the message “Better Future”. More details of the transaction can be seen in the image below:
However, researcher Larry Cermak posted on his Twitter account that the negotiations have been successful. It appears the hacker is returning some of the stolen funds to dForce. The returned funds were blacklisted and the hacker would have no way to use them. There is speculation that dForce would have negotiated to receive the funds and give the hacker some kind of compensation.
At the time of publication, the hacker has returned $381,000 in the Huobi USD token. The “investment” to Compound reported by Qureshi may have been part of the return of these funds. The hacker’s most recent alleged return was reported around 10:30 am (UTC) by user Frank Topbottom.
— Frank Topbottom (@FrankResearcher) April 20, 2020