The dForce Loss to Hackers is a Symptom of something Deeper in DeFi

The dForce Loss to Hackers is a Symptom of something Deeper in DeFi 1

 

Open lending protocol dForce has had a few issues since it raised capital from cryptocurrency exchange Huobi last week. The open lending protocol suffered a loss of about $25 million. This is about the total of the capital in tokens that it had under its control.

All of this happened after dForce raised about $1.5 million on Thursday last week from the Huobi cryptocurrency exchange. The open lending platform seemed impregnable. The crypto space has been taken aback by the attack.

 

dForce gets HackedThe LendF protocol had issues security-wise. Sources say that hackers exploited the reentry loophole in the dForce protocol. This vulnerability had been seen in Uniswap.

 

The hacker used the ERC-777 standard to launch the attacks. The standard appears to be glitch-free. There was however a loophole that allowed for the glitch to occur. Sources point to an OpenZepellin-published exploit on GitHub as the source of the problem.

Blockchain

The attackers were able to use the reentry loophole to steal the funds by “looping” the withdrawal requests before final execution.

As of the time of writing this article, it appears that most of the funds have been returned to dForce. The Lendf protocol, however, has been suspended.

This kind of attack shows that a lot of things are wrong with the dForce setup.

First of all, the crypto space is still new technology. As such, there are going to be all kinds of technology around. Decentralized finance (DeFi) being another sub-field within the crypto space is very young at the moment. The attack has been seen by many as a result of dForce copying all kinds of things from just about anybody they think is perfect for the job.

dForce Copies Everything 

A cursory look at their business model shows this weakness very clearly. Their USDx token is a clear case of this. Another DeFi organization has a USDX. Kava from the middle of last year launched its USDX stablecoin.

It aimed to have a stablecoin in US dollar value to work within the Decentralized finance ecosystem. The USDX stablecoin was also backed by XRP tokens. dForce it appears has done everything within its power to undercut Kava at every turn.

Unnamed sources within the Kava ecosystem cite the numerous attempts by dForce as an example of the lack of the spirit of Fairplay that dForce has employed so far.

The use of Kava’s USDX ticker and many tries to get people to use its USDx instead. The lack of creativity by the dForce team seems to have been extended into its code as well. This may be what has been responsible for the hack.

Security is Lacking

The truth is that once you copy code, you will have to find a way of securing the code and altering it. This is because your version of the code will still be vulnerable to the codes’ original vulnerabilities.

The dForce Loss to Hackers is a Symptom of something Deeper in DeFi 2

 

As such, dForce hasn’t been a good copycat. According to sources, the team at dForce had repeatedly pointed out that their code came from the Concourse library. While not making any efforts to disparage these claims, others within the crypto space have accused dForce of copying code.

Robert Leshner who is the founder of Compound Finance and Robot Ventures pointed out that dForce copied its main source codes for its smart contracts from other parties.

Everyone Notices

He indicated this in a tweet and pointed out a lesson for developers.

 

 

This goes to show that many pairs of eyes are watching the various happenings within the DeFi space.

Kava’s CEO Brian Kerr had spoken exclusively about the matter. Sources say that he admitted that

“Building any financial service on ETH is quite problematic for security. Testing the possible outcomes and bugs of solidity is near impossible as it can do virtually anything as a Turing complete language. While powerful, it’s probably the worst environment to build financial infrastructure”.

 

He indicated the programming process at Kava. he said that

 

“At Kava, all our code is built from the ground up, in Golang, in very discreet modules that are scoped to very specific actions that we can “formally verify” meaning that we can fully test the code to a very high confidence for its accuracy and security”.

 

He also spoke specifically about dForce. He said that

 

 “As for dForce specifically, it is a tragedy for what happened to the users’ funds. Lots of people lost hard-earned money due to basic negligence. I don’t like to say bad things about others usually, hacks can happen to any team, but the dForce incident is particularly bad”.

 

He continued

 

 “The fault is both on the dForce team and the users. dforce didn’t understand what they were doing and marketed an unsafe product. The users didn’t do their own due diligence on the team or the codebase to make sure it’s safe”.

 

At the end of the day, it boils down to understanding how to use creativity properly. There are three kinds of creativity copycat creativity, pure creativity, and innovation. dForce didn’t understand the risks and took the first leap.

 

About the author

Christopher is the Blockchain/DeFi Editor for E-Crypto News he also writes frequently about Crypto Gaming and Gambling. He is the author of the book "Profitable Cryptocurrency Gambling and Gaming: A Complete Guide." A content developer, Crypto-Enthusiast, and tech-savvy individual. He is also a Superstar Content Developer, Strategy Demigod, and Standup Guy.

Related Posts

E-Crypto News Executive Interviews



Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Millions in Cryptocurrency Stolen by Scammers in the Last Month According to Tenable Research
November 24, 2021
Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021

Blockchain/Cryptocurrency Questions and Answers

Crypto casinos
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
Cryptocurrency
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
Ethereum
The Unconventional Guide to Ethereum
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin48,977 0.65 % 0.64 % 14.43 %
Ethereum4,167.1 0.79 % 0.41 % 2.87 %
Binance Coin565.71 1.25 % 1.94 % 7.48 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana187.20 1.85 % 0.82 % 6.62 %
Cardano1.330 0.98 % 0.89 % 16.46 %
USD Coin1.000 0.14 % 0.20 % 0.17 %
XRP0.7955 0.08 % 0.36 % 17.71 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Terra62.38 4.82 % 7.52 % 24.84 %

bitcoin
Bitcoin (BTC) $ 49,018.00
ethereum
Ethereum (ETH) $ 4,174.79
binance-coin
Binance Coin (BNB) $ 567.06
tether
Tether (USDT) $ 0.999339
solana
Solana (SOL) $ 188.47
cardano
Cardano (ADA) $ 1.34
usd-coin
USD Coin (USDC) $ 0.998914
xrp
XRP (XRP) $ 0.790234
polkadot
Polkadot (DOT) $ 27.03
terra-luna
Terra (LUNA) $ 62.93