HOME CATEGORIES WRITE AND EARN ๐Ÿ”
CATEGORIES WRITE AND EARN MORE

CRYPTO NEWS

Your favorite crypto news blog

2 Reasons Why Ethereum DeFi Hacker Returned $25 Million in Hacked Funds

Altcoins 2020/04/21 15:42 by Samuel Wan
The weekend saw an exploit of the dForce DeFi protocol which netted hackers $25 million worth of crypto. This consisted mostly of Ethereum and stablecoins, with Bitcoin bringing up the tail end of assets stolen. But in a stunning turn of events, the attacker has since returned the stolen funds. Observers believe this was due to poor hacking practice that left his identity exposed. The dForce attacker has started returning a significant amount of the stolen funds back to the team. Yesterday, he returned $2.79 million. Today, he returned $10.95 million so far. That means the attacker has so far returned $13.74 million or 55% of the total. This is fascinating pic.twitter.com/bRJPnEyLn0 — Larry Cermak (@lawmaster) April 21, 2020 Mostly Ethereum Stolen in dForce Attack On Saturday night there was an attack of the Lendf.Me open-source market protocol, which is part of the dForce network of DeFi protocols. dForce currently operates two protocols, the other one being USDx. This is a meta-stablecoin that is pegged against a basket of regulated stablecoins in USDC, PAX, and TUSD. Like the crop of most DeFi protocols at present, Lendf.Me operates by matching the supply and borrowing of Ethereum-based ERC20 tokens. It allows users to deposit ERC20 stablecoins to earn interest or borrow supported assets using crypto as collateral. The attack netted $10 million of Ethereum, $4.4 million Bitcoin, with the $10.4 million balance consisting of various stablecoins. According to blockchain security researchers, PeckShield, the attacker exploited a bug in the lending function that approved the release of funds in collateral exchange for imBTC, a token which pegs Bitcoin and Ethereum. “the deposit function, i.e., supply() in Lendf.Me is hooked by embedding an additional withdraw() operation, leading to the effect of increasing the internal record of the attackerโ€™s imBTC collateral amount without actually depositing the amount.” Value locked in dForce in USD following the attack. (Source: defipulse.com) Not only that, but CEO of fellow DeFi protocol Compound, Robert Leshner took the opportunity to launch a scathing attack on dForce by accusing it of stealing Compound’s code. If a project doesn't have the expertise to develop it's own smart contracts, and instead steals and redeploys somebody else's copyrighted code, it's a sign that they don't have the capacity or intention to consider security. Hope developers & users learn from the @LendfMe hack. — ๐Ÿค– Leshner (@rleshner) April 19, 2020 The Unexpected Return of Funds However, earlier this morning, in an astonishing turnaround, the attacker set about returning all of the stolen funds. This includes the lions share of $10 million Ethereum. But it seems as though the stablecoins were exchanged for other crypto assets before returning. Now the attacker has returned virtually all funds. He took away $25 million and returned $23.8 million. The disparity is likely only because price went down slightly in the last two days. So there is no doubt in my mind that the attacker got caught and was forced to return it — Larry Cermak (@lawmaster) April 21, 2020 It’s unclear what motivated this action, but Larry Cermak, Director of Research at The Block, drew attention to critical oversights made by the attacker in laundering the proceeds. Namely, in moving the stolen Ethereum and other crypto assets, to decentralized exchanges, the hacker simply used a VPN or proxy server, whereas more experienced hackers would facilitate the transfer using a decentralized network, such as Tor. This blunder leaked metadata, including his IP address and also left a pathway to trace his identity via the subpoena of information from the server operator. What’s more, Sergej Kunz, CEO of 1inch exchange, which was one of the decentralized exchanges used in laundering the stolen funds, was willing to discuss the issue openly. Indeed, Kunz’s cooperation in the matter highlights industry-wide cooperation in fighting hackers. Regarding the incident, Kunz remarked: “He seems to be a good programmer, but an inexperienced hacker.” On that note, even though the hacker has now returned the stolen crypto assets, the reputation of DeFi remains tarnished. Featured image from Unsplash.

0 Like(s)



You should also read...

Altcoins 07/08/20 03:00 by Tony Spilotro
Ethereum Beats Bitcoin, Gold, and Stocks In Stimulus Check Investment
Stimulus money pouring into assets like stocks, gold, and cryptocurrencies are having a dramatic impact on valuations. But as well as Bitcoin and precious metals are performing, it is Ethereum that ha...
Read More
Crypto 25/10/20 17:00 by Guest Author
InfinityDefi: A Flexible, Low-Risk Crypto Collateral Lending DeFi Platform
The cryptocurrency industry has come a long way since its inception, as the underlying technology undergoes constant evolution. The latest advancement in such development is the concept of Decentraliz...
Read More
Other 26/10/20 12:33 by Brenda Ngari
DeFi Protocol Harvest Finance Offers $100,000 Bounty In The Aftermath Of A $24M Exploit
Several decentralized finance (DeFi) protocols have fallen victim to economic exploits since the start of this year. These have included large-scale attacks on the bZx project, the $25 million exploi...
Read More
Crypto 11/03/21 11:00 by Guest Author
Crypto Loans Continues to Evolve with DeFi as Lendefi makes Undercollateralized Borrowing Possible
The cryptocurrency industry has evolved gradually over time, giving rise to a whole new industry segment, better known as DeFi – short for Decentralized Finance. With the implementation of smart...
Read More
Crypto 19/04/21 11:08 by NewsBTC
Top Three Staking Coins
After Smart contracts, Decentralized Finance could be seen as one of the most disruptive innovations the crypto industry has seen. No surprise it has pushed Ethereum back to the new all-time high. Jus...
Read More