ForceDAO, a newly launched DeFi aggregator, seems to have gotten off on the wrong foot. Hours after launch, several malicious hackers managed to exploit 183 ETH worth around $ 367,000 from the platform. A white hat hacker alerted the team and helped prevent further losses.
In an autopsy report on the attack, ForceDAO stated that the hackers were able to flee with the funds due to a “technical glitch”. According to CoinTelegraph, the ForceDAO team has decided to move 60 million FORCE tokens from the platform’s Treasury wallet to a Deployer wallet. This starts by burning the balance of FORCE tokens that have been moved to the hacker’s wallet addresses.
I look forward to meeting you at iFX EXPO Dubai in May 2021 – make it happen!
For the Force and DeFi community, we would like to publish a post-mortem about the latest xFORCE exploit.
Thanks to everyone technical and non-technical who helped with this.
Especially for the white hat who helped keep FORCE from getting drained.https: //t.co/MK2GH69yLd
– Force (@force_dao) April 4, 2021
Do you want to be ahead of the curb in 2021? You need your data in real time. Go to the article >>
In addition, the platform made it clear post mortem: “All resources on our platform are secure, only xFORCE was affected.”
After the morterm, the hackers took advantage of a fork on a SushiSwap smart contract. The smart contract included a mechanism that could reset tokens that were used on failed transactions. Hackers took advantage of a flaw in this contract that essentially allowed them to mint xFORCE tokens, which were then withdrawn and exchanged for ETH.
The ForceDAO team has confirmed that the exploitation was avoidable: “This could have been prevented by using a standard Open Zeppelin ERC-20 or by including a safeTransferFrom wrapper in the xSUSHI contract,” the team said.
Additionally, the team found that some of the addresses that supposedly belong to hackers came from two popular cryptocurrency exchanges: FTX and Binance. The ForceDAO team wrote, “We are currently working with two separate security firms to review and analyze our repos to ensure that all contract systems are working as planned.”
As a result of the launch drama, the prices of FORCE tokens have dropped significantly. CoinTelegraph reported, “After launch and dropping, FORCE token prices rose above $ 2 on April 4th, but have since fallen over 95% to $ 0.05 on April 5th at 8am GMT. At press time, FORCE was priced at approximately $ 0.07.