dForce’s lending protocol, LendfMe, was drained for $25 million in a known smart contract exploit.


Key Takeaways

  • Uniswap’s imBTC pool succumbed to a special exploit, draining the pool of $260,000 of liquidity. One day later, this exploit was recreated on LendfMe.
  • The exploit was a known attack vector that takes advantage of a known smart contract vulnerability.
  • dForce raised money from the likes of Multicoin Capital and Huobi five days ago, putting these investors under pressure.
  • LendfMe deployed Compound’s copyrighted code, without consent, which may have contributed to a security lapse.

The DeFi news category was brought to you by Ampleforth, our preferred DeFi partner

Share this article

dForce’s money market arm, LendfMe, was drained of $25 million in a known smart contract exploit. The incident comes less than a week after a $1.5 million raise.

Market Eviscerates LendfMe

DeFi is an emerging niche within crypto, making it difficult for projects to implement vulnerability free code. But these difficulties are dramatically more pronounced when a project doesn’t fully understand the code it has deployed.

Uniswap’s imBTC pool was completely drained yesterday, raising the suspicions of on-chain investigators. The attack was done using a known exploit of ERC-777 tokens.

imBTC liquidity fell from $260,000 to $3 in a single day, via Uniswap

Today, LendfMe was emptied after a trader on the protocol managed to deploy a similar attack and drain the pool.

Total value locked in dForce, millions chart
Source: DeFi Pulse

The vulnerability exploited on LendfMe was highlighted by ConsenSys for DEXes such as Uniswap. With ERC-777 token pools, a malicious entity can make constant contract calls to withdraw funds from the liquidity pool’s smart contract.

As a result, withdrawals are done faster than the balance can be updated, allowing an entity to purchase tokens for a steep discount by causing an imbalance to the liquidity pool. This very exploit was used to drain funds from the infamous Ethereum DAO smart contract in 2016.

SIMETRI Profits of 919%
Ampleforth Oraclized Money

According to dForce founder Mindao Yang, the hackers have attempted to contact the company and they “intend to enter into discussions with them.”

Recent dForce Investors Take a Hit

Four months ago, Compound accused LendfMe of plagiarizing its copyrighted code. Moreover, these accusations are substantiated. Reportedly, LendfMe didn’t bother to remove evidence of Compound’s license from its codebase on GitHub.

Despite the controversy, the project raised $1.5 million in capital in a financing round led by Multicoin Capital, announced just this week.

The rationale for investment was that dForce could cement its place as a leading player in the Eastern DeFi ecosystem. DeFi, however, is meant to be borderless, and is not restricted by geographic boundaries.

Users in China are not barred from using Compound, which was already three times more liquid than LendfMe before this incident.

dForce does have an edge through access to better channels for direct marketing and user on-boarding in Asia. But once again, it is critical to remind people that users in Asia can already leverage existing DeFi infrastructure.

Earn smarter with Cred
Simetri Ad

Compound doesn’t support ERC-777 tokens yet, and perhaps for good reason. LendfMe’s deployment of stolen code may have contributed to the project’s lack of comprehension regarding complex security issues, leading them to succumb to the recent exploit.

“This attack was my failure. While I did not execute it, I should have anticipated it and taken actions to prevent it. My heart goes out to everyone harmed, and I will do everything in my power to make this right. I sincerely apologize to our users, to our new investors, and to my team for letting them down,” said Yang.

The DeFi news category was brought to you by Ampleforth, our preferred DeFi partner

Share this article

17 COMMENTS

  1. I am sure this post has touched all the internet people, its really really pleasant paragraph on building up new weblog.

  2. Howdy I am so thrilled I found your website, I really found you by accident, while I
    was browsing on Askjeeve for something else, Anyhow I am here
    now and would just like to say thank you for a fantastic
    post and a all round thrilling blog (I also love the theme/design), I
    don’t have time to read through it all at the minute but I have bookmarked it and also
    added in your RSS feeds, so when I have time I will be back to
    read a lot more, Please do keep up the awesome b.

  3. This is a topic that’s near to my heart… Take care!

    Exactly where are your contact details though?

  4. I think the admin of this site is truly working hard in support of
    his site, for the reason that here every information is
    quality based data.

  5. ท่า www.fun888asia.com web sex เป็นหนึ่งในปัจจัยที่ร่วมสร้างเส้นทางสู่

    I am really enjoying the theme/design of your website.
    Do you ever run into any internet browser compatibility problems?

    A couple of my blog visitors have complained about my website not operating correctly in Explorer but looks great in Chrome.
    Do you have any ideas to help fix this issue?

  6. กันทั้งนั้น เพราะแบบนี้เราเลยจะมาบอก 9 ท่า www.fun888asia.com web sex

    I really like reading through a post that can make men and women think.

    Also, thank you for permitting me to comment!

  7. Hey there! Someone in my Facebook group shared this website with us so I came
    to look it over. I’m definitely loving the information.
    I’m book-marking and will be tweeting this to my followers!
    Excellent blog and brilliant design and style.

  8. Hey I am so thrilled I found your blog page,
    I really found you by accident, while I was browsing on Askjeeve
    for something else, Regardless I am here now and would just like to say thank you for a tremendous post and a all round exciting blog (I also love the theme/design), I don’t have time to
    look over it all at the moment but I have book-marked it and also included your RSS
    feeds, so when I have time I will be back to read a lot more, Please do keep up the
    fantastic job.

  9. Howdy! Do you use Twitter? I’d like to follow you if that would be okay.

    I’m definitely enjoying your blog and look forward to new posts.

  10. Great website. Lots of useful info here. I am sending it
    to several friends ans also sharing in delicious. And of course, thank you in your effort!

  11. กันทั้งนั้น เพราะแบบนี้เราเลยจะมาบอก 9 ท่า sex

    Hi mates, how is all, and what you want to say concerning
    this paragraph, in my view its truly awesome designed for me.

  12. fun88 ทางเข้าล่าสุด is
    a great casino website, being launched in 2009, the current fun88 entrance guarantees
    users a quick registration process, premium security and excited casino game
    that deliver no matter which device you play, Players can enjoy different guaranteed match bonuses every single day.
    The entrance to fun88 mayalounge online gambling website is
    good news for anyone that is searching for a straightforward gambling experience.

  13. You ought to take part in a contest for one of the finest
    websites on the web. I’m going to recommend this blog!

LEAVE A REPLY

Please enter your comment!
Please enter your name here