The DeFi network is not having it easy in 2020. After the conundrum surrounding the two DeFi ‘Flash loan’ attack on bZx leading to a loss of over a million dollars, another DeFi protocol, dForce has hit the headlines for all the wrong reasons.
According to reports, dForce, a Multicoin Capital-backed Chinese decentralized finance protocol was exploited and the network came crashing down.
Data from DeFi Pulse suggested that the Total Value Locked in the dForce space dropped from a staggering 25 million, all the way to $10.10K, registering a crash of over 100 percent in the charts.
The TVL value in USD, ETH, and BTC all exhibited a loss of 100 percent as the TVL with BTC was a mere 1.4 BTC.
Mindao Yang, CEO of dForce, announced on the Telegram channel that the team is currently working and investigating the attack. He also requested users not to supply any assets to Lendf.me for the time being. The dForce team confirmed that the attack had taken place at 9.899.681 block height.
Lendf.Me currently supports the following tokens: USDx, USDT, DAI, USDC, PAX, TUSD, WETH, imBTC, HBTC, HUSD, and WBTC and they allow anyone to supply assets to Lendf.me and begin earning interest every block. The markets’ Interest rates fluctuate based on the utilization rate of each lending pool.
Speculations were going on around space, and DeFi developers claimed that the attack was due to imBTC, which is an Ethereum token pegged 1:1 to Bitcoin. It was believed that the collateral asset turned out to be dishonest and gave access to the attackers to draw all the funds with any fee.
Rober Leshner, Compound’s CEO believed that all of the funds had been drained by the attacker, which would infer that none of the users could withdraw their funds before the attack.
Leshner went on to Twitter and mentioned that the dForce firmed had practically “copy/pasted Compound v1 without changes”, accusing the 7th largest DeFi market by TVL before the attack, on grounds of stealing their code.
He told media outlets,
“This is a follow-up attack to the imBTC Uniswap attack yesterday. “Smart contracts that include imBTC have to be extra cautious, and write additional code to protect against ‘re-entrancy attacks.”
The attack could not have arrived at a more inconvenient period as just 4 days ago, dForce had announced a $1.5 million funding, which was lead by Multicoin Capital and had active participation from Huobi Capital and China Merchants Bank International (CMBI).
The vulnerabilities in the DeFi ecosystem were surfacing every day after a good 2019 and it will do nothing to boost the trust of potential users.