DeFi Ethereum Security

$25 Million Crypto Heist: Understanding the dForce DeFi Attack

The fallout from an April 19th attack against Chinese decentralized finance protocol dForce remains a developing story in the cryptoeconomy,
Pinterest LinkedIn Tumblr

The fallout from an April 19th attack against Chinese decentralized finance protocol dForce remains a developing story in the cryptoeconomy, so here’s everything you need to know to bring you up to speed on the unfortunate, high-profile episode.

First, some key context. In September 2019, the team behind the dForce protocol launched Lendf.Me, a DeFi lending dApp that let users earn interest on select crypto tokens. Since then and pre-attack, this dApp became the most popular DeFi project in China’s crypto scene.

In January 2020, the Compound lending project — one of the DeFi sector’s largest and most successful upstarts to date — accused dForce of plagiarizing its codebase. These charges were backed up by forensic evidence, i.e. remnants of Compound’s code in dForce’s GitHub codebase.

No Re-Entrancy Guard

These code remnants are significant to the April 18th dForce attack because it shows that dForce inherited certain key aspects from the Compound v1 protocol. One of these aspects was the lack of what’s known as a “re-entrancy guard.”

Not having this guard in place wasn’t a vulnerability of Compound v1, but this dynamic made the protocol more conservative with regard to the tokens it could support. Namely, Compound v1 didn’t support ERC-777 tokens, which enjoy more flexibility than Ethereum’s standard ERC-20 tokens but also a wider attack surface.

Specifically, decentralized exchanges that haven’t taken the appropriate precautions can see ERC-777 tokens used as springboards to so-called “re-entrancy attacks” — an infamous example of which was the 2016 hack of The DAO.

This potential DEX attack vector has been well-established and cautioned against by cryptoeconomy auditors since 2018. As such, Compound v1 didn’t support ERC-777 tokens to mitigate against a re-entrancy attack.

Accordingly, dForce’s two catastrophic mistakes were 1) inheriting code it didn’t fully understand, and 2) thereafter supporting ERC-777 tokens on Lendf.Me out of ignorance of the implications of doing so.

Inside the Attack

On Sunday, April 19th, an attacker or attackers used imBTC — an ERC-777 “wrapped” version of bitcoin (BTC) — to launch a wave of re-entrancy attacks against Lendf.Me. In short order the nefarious agent was able to make off with some $25 million worth of ether (ETH), tokenized bitcoin, and other tokens.

Within hours, the builders of Lendf.Me confirmed the attack and advised its users to stop depositing funds into the dApp.

In the wake of the attack, some users started sending pleas for their funds to the attacker’s public Ethereum address using small ETH transactions. Using this communication method, the dForce team reached out to the attacker to attempt negotiations regarding the stolen funds.

Later on Sunday evening, dForce founder Mindao Yang confirmed in a blog post that the “hacker(s) have attempted to contact us and we intend to enter into discussions with them.” Yang also confirmed his team has been in contact with law enforcment “in several jurisdictions” and has “reached out to asset issuers and exchanges to track down and blacklist the hacker(s)’s addresses.”

Zooming out, the popular DEX Uniswap saw its imBTC pool drained to the tune of $300,000 on April 18th via a re-entrancy attack. Whether this attacker was the dForce attacker, too, remains to be seen.

The Funds Returned

As multiple crypto exchanges acted quickly to blacklist the dForce hackers address, the attacker quickly found many of their stolen tokens ultimately worthless with viable off-ramps.

This reality led to the attacker sending back some tokens to the dForce team, e.g. 381,000 Huobi USD (HUSD) and 320 Huobi BTC (HBTC). These returned tokens amounted to roughly a tenth of all the funds stolen from dForce, but their return is better than nothing for dForce.

As of today, the hacker has now returned all the stolen funds after messages from people affected by the hack and the hacker possibly doxing himself by using the Uniswap exchange and not using Tor to access the website interface.


William M. Peaster is a professional writer and editor who specializes in the Ethereum, Dai, and Bitcoin beats in the cryptoeconomy. He's appeared in Blockonomi, Binance Academy, Bitsonline, and more. He enjoys tracking smart contracts, DAOs, dApps, and the Lightning Network. He's learning Solidity, too! Contact him on Telegram at @wmpeaster

Write A Comment

As Featured In
As Featured In