A new DeFi exploit has hit the crypto community. The damage is estimated at $3.6 million.
DForce, an ecosystem of DeFi protocols, was reportedly under a reentrancy attack on the Arbitrum and Optimism chains on Friday. The hack led to a damage of $3.6 million. DForce confirmed the exploit shortly after the incident and notified the dForce Vaults’ suspension.
“wstETH/ETH Curve gauge vaults on Arbitrum & Optimism were exploited a few hours ago, and we immediately paused the dForce Vaults – other parts of the protocol remain intact and user funds are SAFE with dForce Lending,” according to an official announcement.
According to the latest updates, the attack didn’t affect other vaults and dForce lending. DForce reported working with blockchain security company SlowMist to investigate the incident which further revealed reentrancy vulnerability as the cause.
More Hacks Hitting Crypto
DForce also stated that it would offer a bounty to the attacker if he returned the funds.
Technically explained, reentrancy attack refers to a vulnerability in smart contract that repeatedly invokes a smart contract function and triggers a series of funding withdrawals, leading to a severe damage.
The root cause is still under investigation. The possibility is that the incident was linked to a bug on smart contract or a lack of proper security control.
The first reentrancy attack happened in 2016. Hackers took over the control of the Decentralized Autonomous Organization (DAO) and extracted $50 million worth of Ether.
Crypto protocols are the primary target of cyberattack. Earlier this week, DeFi protocol CoW Swap and Trust Wallet reported two exploits that resulted in a loss of $181k and $4 million, respectively.
CoW Swap reportedly suffered a “solver” attack. The drained funds were later moved on Tornado Cash, the controversial crypto mixer.
Loads of DeFi Hacks
DeFi hacks are regularly associated with technical issues in smart contracts despite the fact that a smart contract is one of the breakthrough advances that facilitates transactions without a third party.
Still, a number of DeFi hacks show that innovations require constant maintenance, in such cases, security improvement. Otherwise, it could result in less innovation and security, which eventually makes no sense.
Data from Chainanalysis revealed that DeFi protocols accounted for 82% of all crypto assets exploited in 2022. It’s equivalent to $3.1 billion, the report highlighted. Cross-chain bridge attack is the top security risk.
While enabling convenience of asset transfer across different chains, the bridges are also proven to be vulnerable to cyber attack.
While recent hacks put questions on the security measures on DeFi protocols, they also raise major concerns about the connection between cyber crime and crypto mixer, particularly Tornado Cash.
Over the past few months, this protocol has been a powerful tool for hackers to execute money laundering. The US has also blacklisted Tornado Cash, citing its involvement in the famous bridge exploit Ronin Network. Tornado Cash was also used in the recent CoW Swap attack.
Despite being the key target of hackers in 2022, the interest in DeFi has been increased, especially after a series of centralized exchanges’ collapses that sent shock waves to the community.
However, the bloom comes with side effects. Since DeFi is still a nascent industry, it remains vulnerable to attacks. And if exploiters execute new forms of attacks, the improvements to catch up with old types of attacks may not be efficient anymore.
Regulatory oversight on cryptocurrency is also another major concern. The community concerns that regulators will impose stricter controls on the industry to enhance users’ protection and minimize the risks.
With DeFi there are always going to be issues, with the hacks that keep happening, people will want to know more about any platform before they invest.