Hackers just tapped China's dForce for $25 million in Ethereum exploit

[InfoSec News <alerts () infosecnews org>]

https://decrypt.co/26033/dforce-lendfme-defi-hack-25m

By Andrew Hayward and Robert Stevens
Decrypt.co
April 19, 2020

DForce, a Chinese decentralized finance protocol, today lost $25 million 
worth of its customers’ cryptocurrency due to a well-known exploit of an 
Ethereum token.

On Tuesday, dForce announced that it had secured $1.5 million in a seed 
round led by crypto VC fund Multicoin Capital.

The money was drained this morning from the contracts of Lendf.Me, a 
lending protocol that’s part of dForce, a collection of DeFi protocols. 
The site for Lendf.Me is now offline and its smart contracts have been 
paused. The funds were sent to DeFi lending protocols Compound and Aave. 
Stani Kulechov, founder and CEO of Aave, told Decrypt that around $10 
million of the funds were sent to his protocol.

In a bizarre twist, the hackers returned $126,014 back to Lendf.Me with a 
note saying, "Better luck next time," according to Chain News.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_