Specifically revealed by DeFi data aggregator DeFi Pulse, the cyberattack has dramatically brought down the overall value of funds stored in DForce’s protocol, from $25 million to around $10,000, over the course of one night.
On-chain data reportedly showed that the illegally acquired funds have been directed to top DeFi protocols Compound and Aave.
Mindao Yang – head of dForce – has reportedly provided his confirmation regarding the hack, via the firm’s Telegram page, disclosing the attacking time to be 8:45 AM on April 19 during block height 9.989.681.
He further claimed that investigating work is being carried out by the team at dForce, and requested users to refrain from making any assets placement on the Lendf.Me platform.
The hack was reportedly believed to have exploited a flaw in the system, inherent to Ethereum’s (ETH) ERC-777 token standard.
A cyberattack adopting a similar type of exploitation has previously occurred, stealing over $300,000 in wrapped Bitcoin (BTC) from smart contracts, store on decentralized exchange (DEX) Uniswap containing imBTC – a tokenized BTC powered by the ERC-777, run by DEX TokenIon.
DForce’s hack occurred not long after a $1.5 million seeding round for the DeFi protocol, led by Multicoin Capital, took place.