$25M Chinese Defi protocol hack linked to famous ETH exploit


In today’s news, a Chinese Defi protocol has lost a huge amount of its customer’s cryptocurrency. The protocol, DForce, lost about $25 million through common hacking of Ethereum tokens.

According to DForce, in a statement made on Tuesday, it acquired $1.5million in a seed round conducted by Multicoin Capital, a crypto VC fund.  

$10million of the funds transferred 

The money was taken from the contracts of the operating protocol part of dForce, Lendf.Me this morning. Since that time, Lendf.Me has been offline and all processes have been halted. However, the funds were transferred to Defi lending protocols Compound and Aave. 

CEO of Aave, Stani Kulechov in a meeting with Decrypt said that about $10million of the funds were transferred to his protocol. 

Chinese Defi protocol hack similar to ERC777

A similar hacking scheme occurred yesterday as about $300,000 was drained from Uniswap. The hackers took advantage of a common vulnerability in the ERC777 token. Because of the way the contracts are set up in Uniswap, any hacker can easily withdraw ERC777 funds from the protocol before their balances have been edited. 

Uniswap smart contracts comprise an Etherum-based tokenized version of bitcoin known as imBTC owned by Tokenlon and these tokens were gradually drained due to ERC777 vulnerability. This hack is believed to be similar to that of the Chinese Defi protocol hack. 

Following these attacks, both protocols (Tokenlon and Lendf.Me) have been forced to freeze their smart accounts temporarily. However, they are currently undergoing investigations regarding the issue. 

A dForce user, David Liu has expressed his frustration regarding the protocol’s hack. He claimed that he had lost $100,000 in his conversation with Decrypt. The Chinese protocol is also tight-lipped and refused to entertain questions regarding the issue. Also, they are yet to discuss the news on their social media platforms. 

Some of the money now rests in Aave but investors may no longer want to surrender their funds to smart contracts after this recent hack.