This recent loss recorded by the Lending protocol Lendf.me is totaled $25 million in Bitcoin (BTC) and Ethereum (ETH). The funds disappeared from its wallets late Saturday and early Sunday after a coordinated attack. Lendf represents one of the two protocols backed by the dForce Foundation.
Speaking to a Chinese media outlet, the lending protocol said, “Lendf.me confirmed it was attacked at 8:45 Beijing time Sunday at block height 9899681.”
According to speculation going around among other DeFi protocol builders, the attack was initiated by imBTC, an Ethereum (ETH) token pegged one-to-one with Bitcoin (BTC), which was used as collateral that suddenly turned fraudulent, giving room for the attacker to siphon funds without stress.
What is not clear now is whether some users were able to withdraw their funds or the attacker took over all the $25 million, which is over 99% of its assets. Howbeit, the CEO of Compound, Robert Leshner related that the attacker took over all the funds.
It reads on Lendf’s official website that “Do not supply anymore!” While Mindao Yang, the CEO of the dForce foundation claimed that the team is still investigating the incident, urging users not to supply any asset into lendf.me from now till further notice.
Robert Leshner, the founder, and CEO of Compound wrote:
“If a project doesn’t have the expertise to develop its own smart contracts, and instead steals and redeploys somebody else’s copyrighted code, it’s a sign that they don’t have the capacity or intention to consider security. Hope developers & users learn from the Lend.me hack.”
He added that “Smart contracts that include imBTC have to be extra cautious, and write additional code to protect against ‘re-entrancy attacks.”