DeFi platform dForce was attacked, and the lock-up volume plummeted by 99.9%

On April 19, a decentralized finance (DeFi) and currency protocol platform called dForce suffered a security incident. The platform’s lending protocol was lendf.me attacked, resulting in a temporary shutdown of the platform. According to security experts, the attack is very similar to the previous day’s attack on a certain DEX, and it is likely that the same people did it. Currently, the dForce team is actively investigating the details of the incident.

Blockchain data shows that the attackers have transferred the acquired assets to two major DeFi platforms. According to the information of the industry data statistics platform, the lock-up amount on the dForce platform dropped sharply within 24 hours, falling by as much as 99.9%.

!

The attack was linked to another security incident that occurred the day before. In that incident, hackers exploited a compatibility vulnerability between a DEX and the ERC777 token standard. Specifically, the attacker implemented a re-entrancy attack by repeatedly calling the tokensToSend function in ERC777 when trading ETH and imBTC.

According to an analysis by blockchain security firm PeckShield, a DEX lost about 1,278 ETH, worth about $220,000, in that attack. In addition, about 18.37 imBTC were acquired by two addresses at a price below the market price, and these two addresses are considered arbitrageurs.

!

These two back-to-back attacks have once again highlighted the security challenges facing the DeFi space. It reminds us that despite the many innovations and opportunities that decentralized finance brings, its security remains an urgent issue. Developers and users alike need to be vigilant and constantly improve their security measures to deal with increasingly sophisticated attack vectors.