Thursday, October 1, 2020
    DForce Hacker of $25M in BTC and ETH Resorting to Negotiation after Identity Leakage

    Solomon Odunayo
    Solomon has a growing passion for writing, which propelled him to work on Eagles News Media for about two years before delving into the cryptocurrency and blockchain industry, which he finds more interesting. He worked as a crypto journalist and editor at NewsLogical before joining Herald Sheets, owing to the priceless experience he has accumulated since he became a contributor in the crypto community.




    According to the latest report, the hacker who stole a huge sum of funds from dForce is now resorting to negotiation after allegedly leaking his identity, which is an indication of peace.

    On Saturday 18th April 2020, the world of decentralized finance (DeFi) was hit by another hack when the DeFi platform Lendf.me, part of the dForce network, lost over $25 million in Bitcoin (BTC) and Ethereum (ETH) to a hacker.

    How the Attack Was Perpetrated

    As reports have it, the hacker used the imBTC token as the Trojan horse of the attack. This token was written according to the ERC-777 specification, which is considered a more advanced but vulnerable version of the common ERC-20 standard.

    The hacker exploited this vulnerability by combining it with a security loophole in Lendf.me's contracts, specifically in how a user's balance is updated.

    Frank Topbottom, an analyst, explained the nature of the attack via his Twitter feed. He averred that the attacker executed several iterations to make the hack simple.

    He said:

    “The second attack using imBTC is more interesting. At the very beginning, attacker drained imBTC from other users on Lendf.me. Further, he repeated iterations to increase the ability to borrow other assets…”

    The analyst further explained that the hacker deposited imBTC on the Lendf.me platform in each of the transactions effected. And all these transactions were registered and reflected in his account balance.

    Importantly, the contract failed to update the hacker's account balance when processing the withdrawal of funds. This gave him free rein to redeposit the BTC, doubling his account balance with every transaction attempt.

    Eventually, the attacker was able to drain nearly all of the imBTC available on Lendf.me, a total of 291 imBTC worth $2 million.

    He then furthered the attack. Finally, the hacker used the counterfeit balance as collateral to borrow almost all the tokens left on the platform, summing up to over $25 million in Bitcoin (BTC), Ethereum (ETH) and other forms of cryptocurrencies.
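The stale-balance pattern described in this section can be modelled in a few lines. The following Python sketch is an added illustration, not code from dForce or Lendf.me; the class names, the sample balances and the assumption that the deposit path caches the balance before calling the token are hypothetical. It compares an unguarded pool with one protected by a reentrancy lock and reports whether the balances the pool has credited still match the tokens it holds.

```python
from contextlib import contextmanager, suppress

class HookToken:  # constructed ERC-777-style token: runs the sender's hook first
    def __init__(self, balances):
        self.bal, self.hooks = dict(balances), {}

    def transfer(self, src, dst, amt):
        if src in self.hooks:
            self.hooks[src](amt)                  # external call into sender's code
        if self.bal.get(src, 0) < amt:
            raise ValueError("insufficient tokens")
        self.bal[src] -= amt
        self.bal[dst] = self.bal.get(dst, 0) + amt

class Pool:  # hypothetical lending pool; guarded=True adds a reentrancy lock
    def __init__(self, token, credit, guarded):
        self.token, self.credit = token, dict(credit)
        self.guarded, self.locked = guarded, False

    @contextmanager
    def _lock(self):
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call rejected")
        self.locked = True
        try:
            yield
        finally:
            self.locked = False

    def deposit(self, user, amt):
        with self._lock():
            cached = self.credit.get(user, 0)       # read before the external call
            self.token.transfer(user, "pool", amt)  # sender hook may run here
            self.credit[user] = cached + amt        # stale if the hook withdrew

    def withdraw(self, user, amt):
        with self._lock():
            if self.credit.get(user, 0) < amt:
                raise ValueError("insufficient credit")
            self.credit[user] -= amt
            self.token.transfer("pool", user, amt)

def run(guarded):  # returns (total credited by the pool, tokens the pool holds)
    token = HookToken({"user": 100, "pool": 500})   # constructed sample balances
    pool = Pool(token, {"others": 500}, guarded)
    pool.deposit("user", 100)
    token.hooks["user"] = lambda amt: pool.withdraw("user", 100)  # re-enters mid-deposit
    with suppress(RuntimeError):                    # guarded pool aborts the nested call
        pool.deposit("user", 1)
    return sum(pool.credit.values()), token.bal["pool"]
```

Comparing the two numbers returned by `run` is the invariant an auditor or monitoring job would check: credited balances should never exceed the tokens the pool actually holds.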

    Hacker’s Identity Slightly Leaked

    After the devastating incident, an interesting development started to play out, which resulted in on-chain messages.

    The hacker made 3 transactions of about $250,000 in PAX tokens to 1inch.exchange and ParaSwap. Observers have generally termed this as a peace gesture, as Pax in Latin means “peace”.

    After Lendf.me replied with an email to signal its response to the hacker’s inquiry, the hacker then returned Huobi-issued assets worth $2.6 million to the DeFi platform.

    Afterward, Lendf.me sent a message with a threatening tone, “Contact us, for your better future.”

    When a spokesperson for 1inch.exchange spoke with Cointelegraph, he said the attacker leaked vital information about his identity by using 1inch.exchange's web-based content delivery network directly, instead of using the IPFS-based frontend.

    The attacker was also identified as using a Mac. His device’s screen resolution and system language were revealed, which made 1inch conclude that “He seems to be a good programmer, but an inexperienced hacker.”

    This useful information about the hacker's identity has become the object of police investigations. By the look of things, the hacker could be compelled to return the stolen funds to avoid the wrath of the law.



