DeFi Protocol dForce Loses $3.6M in Reentrancy Attack

DeFi Protocol dForce Loses $3.6M in Reentrancy Attack

Decentralized finance (DeFi) protocol dForce has suffered a reentrancy vulnerability attack leading to the loss of $3.6 million worth of crypto assets.

The attacker targeted the protocol’s vault on the automated market maker (AMM) platform Curve Finance, which operates on the Arbitrum and Optimism blockchains.

dForce Exploited for $3.65M 

The hack was first flagged by Twitter user @ZoomerAnon who announced that dForce had lost about $1.7 million in a series of flash loan transactions on the Optimism chain. The attack was later confirmed by blockchain security firm PeckShield, which rounded the total losses to 2,300 ETH tokens ($3.65 million).

The hacker exploited a reentrancy vulnerability present in a smart contract function that dForce uses to obtain oracle prices on Arbitrum and Optimism when connected to Curve.

A reentrancy attack occurs when a bad actor exploits a bug in a smart contract and repeatedly withdraws funds transferred to an unauthorized contract. Such attacks are publicly known to occur on protocols linked to Curve, while the AMM remains untouched.

PeckShield further explained that the perpetrator had manipulated the price of wrapped staked ETH in the Curve vault (wstETHCRV-gauge) and was able to liquidate several flash loan positions using the wstETHCRV-gauge as collateral.

The initial amount, 0.99ETH, was withdrawn from the DeFi system RAILGUN Project and transferred through Synapse Network to Arbitrum and Optimism. At press time, the funds were still sitting in the exploiter’s account.

dForce Offers Bounty to the Attacker

dForce confirmed that the attack, which was distinct to only its wstETH/ETH-Curve vault, had been contained, and all vaults paused. The protocol assured users that funds supplied to other vaults, including lending, were safe.

The platform also disclosed that the exploiter created a $2.3 million protocol debt after liquidating 1,031.42 and wstETH/ETH on Arbitrum and Optimum, respectively.

“We have engaged with security firm @SlowMist_team and our ecosystem partners to further investigate the matter and would like to offer a bounty to the exploiter if the funds were returned. Stay tuned for further updates,” dForce said.

SPECIAL OFFER (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.

Put your Enics in your BNB wallet now at a launch quotation, and benefit of their whooping growth in the next months

Participate now to Enic Initial Coin Offer
and enjoy big earnings
in the forthcoming weeks

ARE YOU OPERATING ON YOUR MOBILE PHONE OR TABLET?

Copy the following address or scan it into your crypto wallet, and send to this address the amount of BNB you want to convert to ENIC

0x5c887F4518a95CdAfFe4E4B3AFDA00C2BB2BcD69

Or scan the hereunder QR code right away with your crypto wallet application

The BNB you will send shall instantly be converted to ENICs and will reach your wallet in few seconds

ARE YOU OPERATING ON YOUR DESKTOP?

(Chrome browser with Metamask or Trustwallet extension suggested)

Copy the following address or scan it into your crypto wallet extension, and send to this address the amount of BNB you want to convert to ENIC

0x5c887F4518a95CdAfFe4E4B3AFDA00C2BB2BcD69

The BNB you will send shall instantly be converted to ENICs and will reach your wallet in few seconds

OR

Click here to get your Enics through our ICO main page
our community

Holders from
all over the world

Join right now our growing community in our Telegram channel, and benefit of the irresistible growth of Enic in the months ahead

0
People Joined
0 +
ICO SUBSCRIBERS
0
Energy
suppliers
en_USEnglish
it_ITItaliano es_ESEspañol fr_FRFrançais pt_PTPortuguês ja日本語 en_USEnglish