Uniswap & LendFMe targeted
Attacks this weekend [18/19.04.20] have seen hackers steal more than $25 million in cryptocurrency from Lendf.me and the Uniswap exchange. A full investigation is underway and reports have been plenty over the weekend. The two attacks are believed to be related, and most likely carried out by the same party.
The attack looks similar to the one in March 2020. On that occasion, hackers exploited legitimate features and program glitches in different Defi and DEX dapps to orchestrate a sophisticated attack.
The similarities between Uniswap and Lendf.me is that both platforms were utilizing very similar products to operate.
- Lendf.me protocol — a decentralized finance (DeFi) protocol developed by the dForce Foundation to support lending operations on the Ethereum platform.
- imBTC — a token running on Ethereum valued at a 1:1 rate with Bitcoin.
- ERC-777 — one of the underlying technologies of the Ethereum blockchain meant to support smart contracts.
At the time of writing, Uniswap is believed to have lost somewhere between $300,000 and $1.1 million. While Lendf.me has reported a loss of more than $24.5 million.
The total value locked in the dForce ecosystem was down by 100% to $6 over the past 24 hours. A day ago, the total value locked in the system was $24.9 million. It still not clear whether any users were able to withdraw funds or if the attacker seized all $25 million.
Both websites have been taken down to prevent further attacks. Tokenlon has also suspended its imBTC token and is blocking all new transactions. To prevent hackers from carrying out new attacks against other platforms.