Hackers Steal $367k in Cryptocurrency from DeFi Aggregator ForceDAO
Just hours after its launch, hackers managed to steal cryptocurrency worth $367k from the new decentralized finance (DeFi) aggregator ForceDAO. The platform, which went live on April 3, fell victim to an exploit that was discovered after a tip-off from a ‘white hat’ hacker.
Engineering Oversight Leads to Exploitation
An investigation into the incident revealed that an “engineering oversight” allowed cyber-criminals to steal 183 Ethereum (ETH) from ForceDAO. The flaw in the SushiSwap smart contract used by the platform enabled malicious hackers to mint xFORCE tokens, which were then exchanged for ETH.
The ForceDAO team acknowledged the issue, stating that it could have been prevented by using a standard OpenZeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract. They reassured users that all funds on the platform were safe, with only xFORCE being affected by the theft.
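The safeTransferFrom wrapper mentioned above, sketched in Solidity as an added example (not ForceDAO's or SushiSwap's code). StakingVault and SafeToken are hypothetical names, and the sketch assumes the failure mode such a wrapper guards against: a token whose transferFrom returns false on failure instead of reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. StakingVault and SafeToken are hypothetical names.
interface IERC20 {
    function balanceOf(address who) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

library SafeToken {
    // Reverts unless the call succeeds AND any returned value decodes to true.
    // Tokens that return nothing on success (data.length == 0) are accepted.
    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transferFrom failed");
    }
}

contract StakingVault {
    using SafeToken for IERC20;

    IERC20 public immutable token;
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    constructor(IERC20 _token) {
        token = _token;
    }

    function enter(uint256 amount) external {
        uint256 pool = token.balanceOf(address(this));
        uint256 minted = (totalShares == 0 || pool == 0) ? amount : (amount * totalShares) / pool;

        // Weak form: token.transferFrom(msg.sender, address(this), amount);
        // If the token reports failure by returning false (assumed here), that call
        // does not revert and shares are minted for a deposit that never arrived.
        token.safeTransferFrom(msg.sender, address(this), amount);

        // Defence in depth: confirm the vault balance really grew by `amount`.
        // This also rejects fee-on-transfer tokens, which deliver less than requested.
        require(token.balanceOf(address(this)) >= pool + amount, "deposit not received");

        shares[msg.sender] += minted;
        totalShares += minted;
    }
}
```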
Immediate Action Taken
Upon discovering the exploit, the ForceDAO team swiftly transferred 60 million FORCE tokens from the treasury multisignature wallet into a deployer wallet. This move resulted in the burning of FORCE balances in addresses associated with three of the five suspected hackers.
In a statement, ForceDAO took responsibility for the oversight and initiated measures to prevent similar incidents in the future. The platform also expressed gratitude towards the white hat hacker who helped prevent further losses, offering a bounty for their assistance.
Enhanced Security Measures
To fortify its defenses against future attacks, ForceDAO has enlisted the services of two security firms to review and analyze its repositories. The goal is to ensure that all contract systems function as intended and to prevent any vulnerabilities from being exploited.
Price Impact and Market Response
Following the launch and subsequent airdrop, the price of FORCE tokens surged to over $2 before plummeting by over 95% to $0.05. As of 8am GMT on April 5th, the price had slightly recovered to around $0.07. The launch-day raid on ForceDAO had a significant impact on the token’s value, highlighting the volatility and risks associated with the DeFi space.