- DeFi protocol dForce introduced that its vaults on Arbitrum and Optimism vaults had been hacked.
- dForce instantly paused the vaults, declaring that the remainder of the protocol and funds stays protected.
- Reportedly, the hacker liquidated round $3.6 million value of ETH.
Built-in DeFi protocol platform dForce posted on its official Twitter account that wstETH/ETH Curve gauge vaults on Arbitrum & Optimism had been exploited just a few hours in the past. The account concurrently shared that it instantly paused the dForce vaults.
The tweet additionally talked about that components of the protocol stay intact and person funds are safe with dForce Lending. dForce added: We’ll come again with an in depth report and treatments quickly.
Good contract audit platform BlockSec additionally tweeted updates relating to the identical. It introduced that the foundation reason for the assault was the “well-known read-only reentrancy within the curve pool.”
The Twitter thread continued as BlockSec highlighted the likelihood that the worth oracle utilized by dForce’s lending protocol might be manipulated by the attacker. Thereafter, the attacker can liquidate positions at a biased worth to make income.
The loss at the moment amounted to 1.91 million in Arbitrum and 1.73 million in OptimismFND. Furthermore, BlockSec additionally featured the assault transactions for each OP and Arbitrum.
In the meantime, blockchain safety and information analytics firm PeckShield.Inc talked about that the preliminary fund value 0.99ETH was withdrawn from the Non-public & Nameless DeFi dApp RAILGUN Undertaking and was transferred to Optimism and Arbitrum via Synapse Community.
Moreover, PeckShield famous that the “illicit positive factors” value 2.3k ETH, which values at about $3.65 million, at the moment stays within the hacker’s account.