ForceDAO, a shiny new decentralized funding (DeFi) Project that was attacked by five hackers this morning and revived concerns about the highly experimental sector and the seemingly endless amounts of money pouring into hours-long projects.
Our team is aware of the xFORCE contract exploit and has identified the nature of the problem.
No further funds are available for the xFORCE contract.
All other vaults are safe.
We will do an autopsy and the next steps in the next few hours.
– Force (@force_dao) April 4, 2021
Another day, another DeFi hack
The etherThe project is based on a decentralized autonomous organization (DAO) for “Quant Finance”. The aim is to leverage high returns from high yield DeFi protocols and generate superior returns by following community suggested strategies and rewarding strategists with strong incentives.
This appears to be the exploiter for $ XFORCEhttps: //t.co/WS649tJ1Fe
> $ XFORCE embossed
> $ FORCE withdrawn with embossed $ XFORCE
> Sells $ FORCE to 1 inch
It doesn’t seem to really matter how opsec sees how the initial funds come from FTX
– defiOWL (@OwOtrades) April 4, 2021
Last week, the protocol’s developers said they were “throwing tokens out of the air” for users of other DeFi protocols in order to ensure a fair start and attract various crypto communities. In the next month, a total of 25 million FORCE tokens (from a fixed supply of 100 million) should be distributed to those involved Aave, Alchemix, Badger, Balancer, Curve, Manufacturer DAO, Synthetix, sushi, Vespers and Longing for finances.
But this morning things went wrong on the long-awaited drop of air. It was attacked by an estimated five hackers in the hours after it was dropped, causing FORCE prices to fall by more than 90% in a sudden, dramatic drop.
Interesting situation with ForceDAO. Liquidity has been withdrawn, the price has dropped 90% and there is evidence that it could be a white hat hack. Pic.twitter.com/Y5aUcvvuG0
– Larry Cermak (@lawmaster) April 4, 2021
The day ForceDAO was hit
Mudit Gupta, blockchain head at Polymath Network, took to Twitter to explain what happened. According to him, the hackers took advantage of a known Solidity issue (Solidity is the underlying code of Ethereum) that allowed users to obtain FORCE tokens through an illegal process.
Hackers were able to manipulate the way in which xFORCE tokens (the “interest-bearing” version of FORCE, which represents the share of the FORCE profit sharing pool) are handled on the platform and receive FORCE tokens in return.
@force_dao xFORCE contract hacked and drained by a whitehacker. In the FORCE token, the transfer functions return false and do not return if the sender does not have enough credit. The xFORCE contract assumes that FORCE is reset and does not process the returned value. pic.twitter.com/lPo9vJ48bs
– Mudit Gupta (@Mudit__Gupta) April 4, 2021
“In the FORCE token, the transfer functions return false and do not return if the sender does not have enough credit. The xFORCE contract assumes that FORCE will be reset and not process the returned value, ”said Gupta.
“This means that anyone can call up the deposit function of the xFORCE contract, even if they don’t have FORCE tokens. The xFORCE contract gives you fresh xFORCE tokens, even if your non-existent FORCE tokens cannot be blocked. “
Gupta stated that more than five hackers appeared to have attacked the project after checking the various addresses from which the suspected hackers carried out their attack. One was a “whitehat” hacker who promptly returned the money to the network, but the others sold their proceeds.
Hacker 4 – Around 300,000 FORCE tokens were dumped and most of them sold on DEXs for ~ 50 ETH ($ 100,000) .https: //t.co/YME1GUGpib
Hacker 5 – About 1.1 million FORCE tokens drained, some sold for ~ 45 ETH ($ 95,000 US) .https: //t.co/1upadhvjOU@etherscan Can you mark these accounts as hackers too, please?
– Mudit Gupta (@Mudit__Gupta) April 4, 2021
In total, almost $ 350,000 worth of ETH was dumped by the hackers. ForceDAO, for its part, issued one advisory This warned users not to trade on exchanges until the issue was resolved. The team made no further statement at the time of going to press
Get one Edge on the cryptoasset market
Access more crypto insights and contexts in every article as a paid member of CryptoSlate Edge.
Sign up now for $ 19 / month. Discover all the advantages
Do you like what you see? Subscribe to updates.