Wednesday, October 28, 2020

    DForce Hacker of $25M in BTC and ETH Resorting to Negotiation after Identity Leakage

    Solomon Odunayo
    Solomon has a growing passion for writing, which propelled him to work keenly on Eagles News Media for about two years before delving into the cryptocurrency and blockchain industry, which he finds more interesting. He worked as a crypto journalist and editor at NewsLogical before joining Herald Sheets, owing to the priceless experience he has accumulated since he became a contributor in the crypto community.




    As the latest report has it, the hacker who stole a huge sum of funds from dForce is now resorting to negotiation after allegedly leaking his identity, which is an indication of peace.

    On Saturday, 18 April 2020, the world of decentralized finance (DeFi) was hit by another attack when the DeFi platform Lendf.me, part of the dForce network, lost over $25 million in Bitcoin (BTC) and Ethereum (ETH) to a hacker.

    How the Attack Was Perpetrated

    As reports have it, the hacker used the imBTC token as the Trojan horse of the attack. This token was written according to the ERC-777 specification, which is considered a more advanced but vulnerable version of the common ERC-20 standard.

    The hacker exploited this vulnerability by combining it with a security loophole in Lendf.me's contracts and in how they update users' balances.

    Frank Topbottom, an analyst, explained the nature of the attack via his Twitter feed. He averred that the attacker executed several iterations to make the hack simple.

    He said:

    “The second attack using imBTC is more interesting. At the very beginning, attacker drained imBTC from other users on Lendf.me. Further, he repeated iterations to increase the ability to borrow other assets…”

    The analyst further explained that the hacker deposited imBTC on the Lendf.me platform in each of the transactions, and all of these transactions were registered and reflected in his account balance.

    Importantly, the contract failed to update the hacker's account balance when processing the withdrawal of funds. This left him free to redeposit the BTC, doubling his account balance with every transaction attempt.

    Eventually, the attacker was able to drain virtually all of the imBTC available on Lendf.me, a total of 291 imBTC worth $2 million.

    He then took the attack further. Finally, the hacker used the counterfeit balance as collateral to borrow almost all the tokens left on the platform, amounting to over $25 million in Bitcoin (BTC), Ethereum (ETH) and other cryptocurrencies.
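
    The balance-update flaw described above, reduced to a toy ledger model and shown beside a guarded version. This is an added example, not code from the article, dForce or Lendf.me. It assumes the token calls back into the sender during a transfer, as ERC-777 hooks do; `HookToken`, `Pool` and `simulate` are hypothetical names, all amounts are constructed, and the reentrancy lock is one common mitigation rather than the platform's actual fix.

```python
class HookToken:  # toy token (constructed): runs the sender's hook before funds move
    def __init__(self, balances):
        self.balances, self.hooks = dict(balances), {}

    def transfer(self, src, dst, amount):
        if src in self.hooks:
            self.hooks[src]()  # external code runs mid-way through the caller's logic
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient tokens")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class Pool:  # toy lending pool (constructed); guarded=True adds a reentrancy lock
    def __init__(self, token, guarded):
        self.token, self.guarded, self.locked = token, guarded, False
        self.ledger = {"others": token.balances["pool"]}  # other users' deposits

    def _check(self):
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call rejected")

    def supply(self, user, amount):
        self._check()
        self.locked = True
        try:
            cached = self.ledger.get(user, 0)          # read before the external call
            self.token.transfer(user, "pool", amount)  # sender hook may re-enter here
            self.ledger[user] = cached + amount        # stale if the ledger changed meanwhile
        finally:
            self.locked = False

    def withdraw(self, user, amount):
        self._check()
        if self.ledger.get(user, 0) < amount:
            raise ValueError("insufficient balance")
        self.ledger[user] -= amount
        self.token.transfer("pool", user, amount)

def simulate(guarded):
    """Return (user's recorded balance, total recorded balances, tokens the pool holds)."""
    token = HookToken({"pool": 100, "user": 11})
    pool = Pool(token, guarded)
    pool.supply("user", 10)                                  # ordinary deposit
    token.hooks["user"] = lambda: pool.withdraw("user", 10)  # callback re-enters the pool
    try:
        pool.supply("user", 1)
    except RuntimeError:
        pass  # on-chain, the whole transaction would revert
    return pool.ledger["user"], sum(pool.ledger.values()), token.balances["pool"]
```

    A useful invariant to monitor or test for is that the total of recorded balances never exceeds the tokens the pool actually holds: the unguarded run breaks it, the guarded run keeps it.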

    Hacker’s Identity Slightly Leaked

    After the devastating incident, an interesting development started to play out, which resulted in on-chain messages.

    The hacker made 3 transactions of about $250,000 in PAX tokens to 1inch.exchange and ParaSwap. Observers have generally termed this as a peace gesture, as Pax in Latin means “peace”.

    After Lendf.me replied with an email to signal its response to the hacker’s inquiry, the hacker then returned Huobi-issued assets worth $2.6 million to the DeFi platform.

    Afterward, Lendf.me sent a message with a threatening tone, “Contact us, for your better future.”

    When a spokesperson for 1inch.exchange spoke with Cointelegraph, he said the attacker leaked vital information about his identity by using 1inch.exchange's web-based content delivery network directly, instead of using the IPFS-based frontend.

    Also, the attacker was identified as using a Mac. His device's screen resolution and system language were revealed, which made 1inch conclude that “He seems to be a good programmer, but an inexperienced hacker.”

    The handy information about the identity of the hacker has become the object of police investigations. By the look of things, the hacker could be compelled to return the stolen funds to avoid the wrath of the law.



