April 5, 2021 | AtoZ Markets – On Sunday, April 4, Force DAO's DeFi Protocol reported a hack attack a few hours after launch. The FORCE project token has depreciated by 90%.
According to the developers, attackers took advantage of a vulnerability in a smart contract. The team estimated the damage at 183 ETH ($367,000).
POST-MORTEM
— Force (@force_dao) April 4, 2021
To the Force and DeFi community, we'd like to share a post-mortem on the recent xFORCE exploit.
Thanks to everyone technical and non-technical who helped along the way.
Especially to the White Hat who helped deter FORCE getting drained.https://t.co/MK2GH69yLd
The Block researcher Igor Igamberdiev reported that one of the hackers returned 15.8 million FORCE.
1/5
— Igor Igamberdiev (@FrankResearcher) April 4, 2021
How can Defi live without new hacks, right?
The new victim is ForceDAO, who didn’t provide the necessary checks in a contract code.
Anyone could call the function “making a deposit” even without having FORCE.
However, the received xFORCE could be used to obtain real FORCE. pic.twitter.com/cYJCaFWG8e
Another attacker managed to withdraw 298,000 FORCE and exchange them for 42 ETH ($85,000 at the time of writing). The third stole 4.1 million FORCE, receiving 80 ETH ($16,000).
3/5
— Igor Igamberdiev (@FrankResearcher) April 4, 2021
One blackhat who drained 298k FORCE from which sold 288k FORCE and earned 42 ETH ($85k), being a Binance user. pic.twitter.com/VWnWcMqggh
The Force DAO admitted that it could have prevented the attack.
“This could’ve been prevented by using a standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract.”
According to CoinMarketCap, the FORCE token was trading at $2.21 before the attack. At the time of writing, its price has dropped to $0.08.
Meanwhile, project lead developer Alberto Sevallos has said the team will announce a plan to reimburse affected users in the coming days.
As a reminder, in March 2021, the Chinese DODO DEX exchange reported a hack attack in which a number of its liquidity pools were affected. According to the DeFi Prime service, the attackers withdrew $2.1 million from the protocol.
Think we missed something? Let us know in the comment section below.