Defi protocol DFORCE loses 3.6 million US dollars in reentrancy attacks

10. Februar 2023, 22:42 Uhr

Aktualisiert: 10. Februar 2023, 22:55 Uhr

Von Krypto News Österreich

Das dezentralisierte Finanzprotokoll (DeFi) dForce hat einen Reentrancy-Schwachstellenangriff erlitten, der zum Verlust von Krypto-Assets im Wert von 3,6 Millionen US-Dollar führte. Der Angreifer zielte auf den Tresor des Protokolls auf der automatisierten Market Maker (AMM)-Plattform Curve Finance ab, die auf den Blockchains von Arbitrum und Optimism operiert. dForce für 3,65 Millionen Dollar ausgenutzt Der Hack wurde zuerst von Twitter-Nutzern gemeldet @ZoomerAnon der bekannt gab, dass dForce bei einer Reihe von Flash-Darlehenstransaktionen in der Optimism-Kette etwa 1,7 Millionen US-Dollar verloren hatte. Der Angriff erfolgte später bestätigt von der Blockchain-Sicherheitsfirma PeckShield, die die Gesamtverluste auf 2.300 ETH-Token (3,65 Millionen US-Dollar) rundete. Der … — The decentralized financial protocol (DEFI) DFORCE has suffered a reentrancy weak point attack that led to the loss of crypto-assets worth $ 3.6 million. The attacker aimed at the safe of the protocol on the automated Market Maker (AMM) platform Curve Finance, which operates on the blockchains of Arbitrum and Optimism. DFORCE used for $ 3.65 million The hack was first reported by Twitter users @Zoomeranon who announced that DForce had lost about $ 1.7 million in a series of flash loan transactions in the Optimism chain. The attack was later confirmed by the blockchain security company Peckshield, which rounded the total loss to 2,300 ETH tokens ($ 3.65 million). The … (Symbolbild/KNAT)

The decentralized financial protocol (Defi) DFORCE has suffered a reentrancy weak point attack that led to the loss of crypto-assets worth $ 3.6 million.

The attacker aimed at the safe of the protocol on the automated market maker (AMM) platform Curve Finance, which operated on the blockchains of Arbitrum and Optimism.

DForce used for $ 3.65 million

The hack was first reported by Twitter users @zoomeranon who announced that DForce had lost about $ 1.7 million in the optimism chain in a series of flash loan transactions. The attack was later confirmed Blockchain security company Peckshield, which rounded the total loss to 2,300 ETH tokens ($ 3.65 million).

The hacker used a reentrancy weak point in an intelligent contract function that DFORCE uses to obtain oracle prices for arbitrum and optimism if it is connected to curve.

A reentrancy attack occurs when an attacker exploits an error in a smart contract and repeatedly lifts funds that have been transferred to an unauthorized contract. It is publicly known that such attacks on protocols are associated with curve, while the AMM remains unaffected.

Peckshield continued that the perpetrator had manipulated the price of wrapped stacked ETH in the curve vault (WStethCRV-Gauge) and was able to liquidate several flash-loan positions using the WStethCRV-Gauges as security.

The original amount, 0.99 ETH, was deducted from the Defi-System Railgun Project and transferred via the Synapse Network to Arbitrum and Optimism. At the editorial deadline, the money was still in the account of the exploiter.

DForce offers the attacker bounty

dforce confirmed that the attack, which only referred to his Wsteth/ETH-curve vault, had been contained and all vaults were stopped. The protocol assured users that funds that were delivered to other safes, including lending were safe.

The platform also opened The exploitor created a log of $ 2.3 million after he had liquidated 1,031.42 and WSteth/ETH to Arbitrum or Optimum.

"We have teamed up with the security company @slowmist_team and our ecosystem partners to further examine the matter and want to offer the exploiter a premium if the funds are returned. Stay tuned for further updates," said DForce.