Huh? dForce Hacker Pilfers $25 Million in Crypto then Returns the Funds

On April 19th, Mindao Yang, founder of dForce, confessed that $25 million crypto had been stolen from his platform.

In a blog post, Yang said Lendf.Me, the lending protocol of dForce, was attacked and a vulnerability was exploited to steal the digital assets.

Today, it is being reported that the crypto has been returned.

Hacking Regret?

According to the BBC, $10m in Ethereum, $10m in stablecoins and $4m in other coins have now been returned.

Yang took the blame for the hack:

“This attack was my failure. While I did not execute it, I should have anticipated it and taken actions to prevent it. My heart goes out to everyone harmed, and I will do everything in my power to make this right. I sincerely apologize to our users, to our new investors, and to my team for letting them down.”

A blog post by Peckshield explained how the crypto was stolen:

Technically, the main logic behind these two incidents is the incompatibility between ERC777 and those DeFi smart contracts, which might be misused by the attacker to utterly hijack a normal transaction and perform additional illicit operations.”

In a later post, Yang said he is planning a more detailed update on the theft.

Via Twitter, Lendf.Me indicated it had created a separate recovery account for future distribution of the funds.

 

Developing …



Sponsored Links by DQ Promote

 

 

Send this to a friend