ForceDAO, a new decentralized finance (DeFi) aggregator platform, was hacked only a couple of hours after its launch, with the attackers stealing 183 Ethereum worth $367k.
DeFi platform ForceDAO falling prey on launch day:
ForceDAO, the new decentralized finance (DeFi) aggregator platform, was launched on the 3rd of April. Within a few hours, the team learned that it had fallen prey to a hacking attack when it received a ‘tip’ from a white hat hacker.
A prompt investigation uncovered that the attack, perpetrated by malicious actors, had led to the theft of 183 Ethereum (ETH).
According to the investigation, the attack on ForceDAO was the consequence of an “engineering oversight”.
It was apparently made possible by a vulnerability in the SushiSwap smart contract employed by ForceDAO.
The smart contract used by the DeFi platform had a system that could revert tokens used in failed transactions. The malicious actors exploited this vulnerability to mint xFORCE tokens, which were then exchanged for ETH.
ForceDAO addressing the hacker attack:
The company has since addressed the incident and shared its analysis of it.
“A total of 183 ETH (~ $367K) worth of FORCE were drained and liquidated,” reported ForceDAO.
The ForceDAO team has noted that the vulnerability could have been mitigated by using a standard OpenZeppelin ERC-20 or by adding a safeTransferFrom wrapper in the xSUSHI contract.
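The mitigation ForceDAO names above, sketched as an added example (not ForceDAO's or SushiSwap's code; the contract and function names are hypothetical): a vault that ignores the boolean returned by transferFrom, next to one that goes through a safeTransferFrom-style wrapper. It assumes a token that reports a failed transfer by returning false rather than reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration: every name below is hypothetical.
interface IERC20 {
    function balanceOf(address who) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical staking vault that issues shares 1:1 for deposited tokens.
contract ShareVault {
    IERC20 public immutable token;
    mapping(address => uint256) public shares;
    uint256 public totalShares;

    constructor(IERC20 token_) { token = token_; }

    // WEAK: the boolean result is discarded. If the token signals failure by
    // returning false instead of reverting, shares are credited for nothing.
    function depositUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        _credit(msg.sender, amount);
    }

    // HARDENED: the wrapper reverts on any failure signal from the token.
    function depositChecked(uint256 amount) external {
        uint256 before = token.balanceOf(address(this));
        _safeTransferFrom(msg.sender, address(this), amount);
        // Defence in depth: credit only what actually arrived.
        uint256 received = token.balanceOf(address(this)) - before;
        _credit(msg.sender, received);
    }

    // Simplified safeTransferFrom-style helper: low-level call, require that it
    // did not revert, and require `true` whenever the token returns data.
    function _safeTransferFrom(address from, address to, uint256 amount) private {
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transferFrom failed");
    }

    function _credit(address to, uint256 amount) private {
        shares[to] += amount;
        totalShares += amount;
    }
}
```

A token that reverts on failure, the other option named above, makes depositUnchecked fail closed as well; the wrapper protects the vault when the token's behaviour cannot be relied on.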
“We take responsibility for this engineering oversight and have begun processes to ensure any such incidents are mitigated in the future,” said ForceDAO.
The new DeFi aggregator has affirmed that all their funds remain uncompromised and that only the xFORCE was impacted.
The attack reportedly began on the morning of April 3, around 7:00 AM UTC.
After the team was tipped off, 60 million FORCE tokens were immediately transferred from the treasury multi-signature wallet into a deployer wallet.
This action created and executed three votes, burning the FORCE balances in addresses used by three of the five suspected hackers.
ForceDAO has thanked the white hat hacker who reported the exploit and helped the team stop any more FORCE tokens from being drained. The team will be offering the white hat hacker a bounty in return.
To mitigate any further risks, ForceDAO has been working in close collaboration with two cybersecurity firms to “review and analyze our repos to ensure all contract systems perform as designed.”
As for repercussions, the hack has substantially impacted the price of FORCE tokens.
CoinTelegraph reported that “following the launch and airdrop, FORCE token prices surged to over $2 on Apr. 4, but have since crashed over 95% to $0.05” as of 8 am GMT on April 5th. At press time, the price of FORCE was roughly $0.07.