Millions Drained in ForceDAO Attacks, White Hat Returns Funds

Key Takeaways

  • ForceDAO was drained of millions of dollars this morning after a white hat hacker discovered a bug in the smart contract’s code.
  • The white hat hacker successfully took 14.8 million FORCE tokens. Though they returned the funds, other attackers noticed the exploit and have sold their tokens for ETH.
  • FORCE briefly tanked 95% following the attack. It’s still deep in the red following the incident.

Another multi-million dollar rug pull has hit the DeFi space. This weekend, ForceDAO is the victim. 

Disaster for ForceDAO 

ForceDAO has suffered a major attack. 

The exploit centers on a bug in the xFORCE contract’s code, which allowed anyone to call the “deposit” function regardless of whether they were holding FORCE tokens. That meant it was possible to mint xFORCE tokens from the contract without locking any tokens in the vault.

Anyone could then exchange these tokens for FORCE by calling the “withdraw” function in the contract. 

Several attackers took advantage of the exploit earlier this morning. One of them took about 14.8 million FORCE, which had a notional value of around $34 million at the time. They’ve since returned the funds to the pool.

However, four others drained another 6.75 million tokens and have begun exchanging their takings for ETH on various exchanges. As the white hat attacker had already found the exploit, liquidity plunged, which meant every subsequent attacker earned significantly less for their FORCE. 

Mudit Gupta, blockchain team lead at Polymath Network, detailed the attack in a tweetstorm.   

ForceDAO organized a highly anticipated airdrop yesterday, in which FORCE tokens were distributed to active Ethereum users. It was trading at around $2.30 earlier this morning but has since plummeted. At one point, it was down 95% and is now worth around $0.26. 

One of the black hat attackers used an address linked to the centralized exchange FTX, which gives some hope that the funds may be recovered. Most of the rest, though, has already been sold through the decentralized exchanges 1inch and SushiSwap. 

ForceDAO took to Twitter to confirm the attack. According to the team, a post-mortem will follow. 

This is a developing story and will be updated as further details surface.

Disclosure: At the time of writing, the author of this feature owned ETH and several other cryptocurrencies. They also had exposure to SUSHI in a cryptocurrency index. 

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Source: Read Full Article