Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: Baofeng on April 19, 2020, 09:07:05 PM



Title: [Hack]: Lendf.Me lost $25 million
Post by: Baofeng on April 19, 2020, 09:07:05 PM
Popular decentralized lending platform Lendf.Me was recently hacked and lost $25 million.

A Summary of the Attack on Lendf.Me on April 19, 2020

Quote
On 19 April 2020, Lendf.Me, the lending protocol in the dForce network, was attacked and approximately $25 million in assets were drained from the contract.

We know that the hackers utilized a vulnerability within the ERC777 standard of imBTC to execute a reentrancy attack. The callback mechanism of ERC777 (imBTC) enabled the hacker to supply and withdraw imBTC repeatedly before the balance was updated. More analysis on the hack can be viewed from PeckShield’s report.

The hacker(s) have attempted to contact us and we intend to enter into discussions with them.

https://medium.com/dforcenet/a-summary-of-the-attack-on-lendf-me-on-april-19-2020-e2f1c5d96640

So another sad day for crypto enthusiasts as the hackers drained all the money, including the founding with a whopping $25 million. I really don't know what to say but damn those hackers. It was reported that the hackers have contacted them, but I don't know if they will give back the money or what. So the attack vector used is introducing what we call a 'toxic asset' as collateral and then supposedly borrowing some funds, or shall we say borrowing all the funds.
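
The reentrancy pattern the dForce summary describes (a token callback that lets a withdraw run before supply updates the recorded balance), shown as an added example that is not part of the original post and is not dForce's contract code. It is a simplified Python model with a reentrancy guard as the mitigation; the class names, the amounts and the stale-read detail in `supply` are assumptions of this model.

```python
class HookToken:
    """Constructed model (not Lendf.Me's code): token that calls a sender hook first."""
    def __init__(self):
        self.bal = {}
    def transfer(self, src, dst, amount):
        # Like ERC777, hand control to sender-controlled code before moving funds.
        getattr(src, "tokens_to_send", lambda amount: None)(amount)
        if self.bal.get(src, 0) < amount:
            raise ValueError("insufficient token balance")
        self.bal[src] -= amount
        self.bal[dst] = self.bal.get(dst, 0) + amount

class Pool:
    def __init__(self, token, guarded):
        self.token, self.guarded, self.ledger, self.busy = token, guarded, {}, False
    def supply(self, user, amount):
        before = self.ledger.get(user, 0)  # read recorded balance
        self.busy = True
        try:
            self.token.transfer(user, self, amount)  # sender hook runs in here
        finally:
            self.busy = False
        self.ledger[user] = before + amount  # write based on the stale read
    def withdraw(self, user, amount):
        if self.guarded and self.busy:
            raise RuntimeError("reentrant call rejected")
        if self.ledger.get(user, 0) < amount:
            raise ValueError("exceeds recorded balance")
        self.ledger[user] -= amount
        self.token.transfer(self, user, amount)

class Account:  # constructed test actor: its hook withdraws once mid-supply
    pool = None
    def tokens_to_send(self, amount):
        pool, self.pool = self.pool, None
        if pool:
            pool.withdraw(self, pool.ledger.get(self, 0))

def run(guarded):
    token, acct = HookToken(), Account()
    pool = Pool(token, guarded)
    token.bal, pool.ledger = {pool: 100, acct: 11}, {"others": 100}
    pool.supply(acct, 10)
    acct.pool = pool  # arm the hook for the next supply
    try:
        pool.supply(acct, 1)
    except RuntimeError:
        pass  # on-chain the whole transaction would revert
    return sum(pool.ledger.values()), token.bal[pool]  # (recorded, held)
```

`run(False)` returns `(111, 101)`: the ledger records 10 more tokens than the pool holds, which is the invariant a monitor or test should check. `run(True)` returns `(110, 110)` because the guard rejects the nested withdraw.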


Title: Re: [Hack]: Lendf.Me lost $25 million
Post by: Jating on April 19, 2020, 09:13:11 PM
This is definitely another blow to the so-called lending and borrowing and the whole DeFi ecosystem itself. DForce was integrating with partnerships and they are really focused on the project.

And it looks like this is the hack address:

https://etherscan.io/address/0xa9bf70a420d364e923c74448d9d817d3f2a77822

https://i.imgur.com/bcySLPy.png


Title: Re: [Hack]: Lendf.Me lost $25 million
Post by: blockman on April 19, 2020, 11:19:48 PM
These hackers don't do good to the community.
I'm not a user of DeFi, but this will make people stop using it as the tendency of being hacked is there. The incident is fresh and people will be scared of putting their money into it.


Title: Re: [Hack]: Lendf.Me lost $25 million
Post by: cryptomaniac_xxx on April 19, 2020, 11:20:03 PM
They never learned, that vulnerability was exposed months ago with ERC777 here:

https://github.com/ConsenSys/Uniswap-audit-report-2018-12#31-liquidity-pool-can-be-stolen-in-some-tokens-eg-erc-777-29

And it just shows how dangerous DeFi can be for the crypto community.


Title: Re: [Hack]: Lendf.Me lost $25 million
Post by: Kemarit on April 19, 2020, 11:41:37 PM
Quote
They never learned, that vulnerability was exposed months ago with ERC777 here:

https://github.com/ConsenSys/Uniswap-audit-report-2018-12#31-liquidity-pool-can-be-stolen-in-some-tokens-eg-erc-777-29

And it just shows how dangerous DeFi can be for the crypto community.

It looks like the toxic ERC777 is the imBTC/Uniswap. Yes, I agree that DeFi can be very bad for us with all these attacks and exploits. There is also another article with a very detailed explanation of how someone can take advantage of the ERC777 swap.

https://blog.openzeppelin.com/exploiting-uniswap-from-reentrancy-to-actual-profit/