- Initial funding of 0.99ETH was transmitted from the DeFi system RAILGUN Project.
- dForce said the assault, which affected just its wstETH/ETH-Curve vault, had been stopped.
To the tune of $3.6 million in cryptocurrency, an assault on the reentrancy vulnerability of the decentralized finance (DeFi) protocol dForce has resulted in the theft of funds. Curve Finance is an automated market maker (AMM) platform. That uses the Arbitrum and Optimism blockchains, and its vault was the target of the hack.
To begin, @ZoomerAnon, a Twitter user, saw that dForce had lost around $1.7 million in a string of flash loan transactions on the Optimism chain, which was the first indicator of the breach. Moreover, PeckShield, a blockchain security company. Subsequently verified the assault and estimated the total losses at 2,300 ETH tokens ($3.65 million).
In order to acquire oracle pricing on Arbitrum and Optimism when coupled with Curve. dForce makes use of a smart contract function that the hacker attacked because of its reentrancy weakness.
Liquidated Multiple Flash Loan Positions
According to PeckShield, the criminal had artificially inflated the value of wrapped staked ETH in the Curve vault (wstETHCRV-gauge). And liquidated many flash loan positions by utilizing the wstETHCRV-gauge as collateral.
Initial funding of 0.99ETH was transmitted from the DeFi system RAILGUN Project to Arbitrum and Optimism through the Synapse Network. Furthermore, as of this writing, the money has not yet been moved from the account of the exploiter.
dForce said the assault, which affected just its wstETH/ETH-Curve vault, had been stopped, and the network resumed normal operations. Users were guaranteed that their money was secure when sent to other vaults for purposes like lending.
The platform also revealed the exploiter had liquidated 1,031.42 and wstETH/ETH on Arbitrum and Optimum, respectively, resulting in a $2.3 million protocol debt.
Recommended For You:
Orion Protocol Exploited by Hacker Stealing Away Roughly $3 Million
Source: https://thenewscrypto.com/defi-protocol-dforce-exploited-of-3-65-million-by-hacker/