On the day of launch, five hackers raided the DeFi aggregator



ForceDAO, a fledgling decentralized finance (DeFi) protocol, had a difficult start, suffering several hacks within hours of its launch.

The Ethereum-based yield aggregator had just launched its airdrop campaign on April 3 when four malicious “black hat” hackers managed to drain a total of 183 ETH, worth about $367,000 at the time. A friendly “white hat” hacker helped the team by warning it in time to prevent further losses.

The team released a post-mortem of the attacks and took responsibility for what it called an “engineering oversight.”

After the attack, the team decided to transfer 60 million FORCE tokens from the treasury multi-signature wallet to the deployer’s wallet in order to create and execute three votes that would effectively burn the FORCE balances held in the three hacker addresses.

The post-mortem explained that the affected xFORCE vault is a fork of a SushiSwap smart contract that includes a mechanism to revert tokens in the event of a failed transaction. The protocol describes xFORCE as the “interest-bearing” version of FORCE, meaning that its pool shares work much like LP tokens.

A flaw in the contract used by ForceDAO enabled an attacker to abuse this mechanism to mint xFORCE tokens, then withdraw them and exchange them for Ethereum on the market. The team admitted that such attacks are relatively easy to prevent.

“This can be avoided by using the standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper to the xSUSHI contract.”
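
What the quoted mitigation looks like in a SushiBar-style staking vault, as an added example that is not ForceDAO's or SushiSwap's code: the contract `StakedVault`, its function names and the token name are hypothetical, it assumes OpenZeppelin Contracts 5.x is installed, and it assumes an underlying token that reports a failed transfer by returning `false` instead of reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical vault: deposit `underlying`, receive interest-bearing shares.
contract StakedVault is ERC20 {
    using SafeERC20 for IERC20;

    IERC20 public immutable underlying;

    constructor(IERC20 underlying_) ERC20("Staked Example", "xEXAMPLE") {
        underlying = underlying_;
    }

    /// Weak form, kept only for comparison: the boolean returned by
    /// transferFrom is dropped. If the token returns false on failure
    /// (assumption stated above), the call does not revert and the shares
    /// minted on the previous line remain, backed by nothing.
    function enterUnchecked(uint256 amount) external {
        _mint(msg.sender, _sharesFor(amount));
        underlying.transferFrom(msg.sender, address(this), amount);
    }

    /// Hardened form: safeTransferFrom reverts if the token call fails or
    /// returns false, so no shares exist unless the deposit arrived.
    /// Shares are priced before the transfer changes the pool balance.
    function enter(uint256 amount) external {
        uint256 shares = _sharesFor(amount);
        underlying.safeTransferFrom(msg.sender, address(this), amount);
        _mint(msg.sender, shares);
    }

    /// Pro-rata share price: the first depositor gets shares 1:1.
    function _sharesFor(uint256 amount) internal view returns (uint256) {
        uint256 pooled = underlying.balanceOf(address(this));
        uint256 supply = totalSupply();
        if (supply == 0 || pooled == 0) return amount;
        return (amount * supply) / pooled;
    }
}
```

A review check that follows from this: flag every `transfer` or `transferFrom` call on an external token whose return value is neither checked nor wrapped by `SafeERC20`.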

The team added that the hack is currently under investigation, as some of the addresses are from the popular exchanges FTX and Binance. It will take a snapshot and relaunch the project with a new xFORCE token.

After the launch and airdrop, the FORCE token price soared above US$2 on April 4, but has fallen by more than 95% to US$0.05 at the time of writing.