Popular decentralized lending platform Lendf.Me was recently hacked and lost $25 million.
A Summary of the Attack on Lendf.Me on April 19, 2020
On 19 April 2020, Lendf.Me, the lending protocol in the dForce network, was attacked and approximately $25 million in assets were drained from the contract.
We know that the hackers utilized a vulnerability within the ERC777 standard of imBTC to execute a reentrancy attack. The callback mechanism of ERC777 (imBTC) enabled the hacker to supply and withdraw imBTC repeatedly before the balance was updated. More analysis on the hack can be viewed from PeckShield’s report.
The hacker(s) have attempted to contact us and we intend to enter into discussions with them.
https://medium.com/dforcenet/a-summary-of-the-attack-on-lendf-me-on-april-19-2020-e2f1c5d96640So another sad day for crypto enthusiast as the hackers drained all the money, including the founding with a whopping $25 million. I really don't know what to say but damn those hackers. It was reported that the hackers have contacted them, but I don't know if he will give back the money or what. So the attack vector used is by introducing what we call a 'toxic asset' as a collateral and then supposedly borrow some funds, or shall we shall borrow all the funds.