Nexo

We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More
Home » Analysis » The dForce Hacker Returns Nearly All $25M of Stolen Funds

The dForce Hacker Returns Nearly All $25M of Stolen Funds

by

Since Saturday's attack, the dForce hacker has now been blocked from cashing out on their latest earnings.

The dForce Hacker Returns Nearly All $25M of Stolen Funds

Key Takeaways

  • The LendfMe hacker has returned more than $21 million to the protocol’s admin address following a complete drain of the money market pool.
  • Some assets acquired by the hacker ran on a central registry, limiting their ability to cash out.
  • Around 510,000 USDx was transferred.

Share this article

On Apr. 19, 2020, dForce’s money market arm, LendfMe, was drained of all its liquidity after a known vulnerability was exploited. After being blacklisted from centralized registries, the hacker has returned just under $22 million in assets to LendfMe.

dForce Hacker: Cornered or Altruistic?

In the last few hours, the hacker who exploited a vulnerability in LendfMe’s ERC-777 pool has started to return stolen funds through various tokens. 

At 5:15 AM UTC, the hacker sent a transaction worth 0 ETH to LendfMe’s admin address with the message “email,” which presumably informed them that the hacker was willing to compromise and return assets.

Almost $20 million has been returned to LendfMe within the last day. Over $10 million in ETH, $10 million in stablecoins, and $1.9 million in other ERC-20 tokens were sent at 5:30 AM UTC.

Latest transactions from the hacker to LendfMe, via Etherscan.

It is unknown whether the dForce hacker had a sudden change of heart, following several despondent messages from exploited individuals, or if they were simply unable to sell their loot.

A handful of assets would have been impossible for the hacker to offload. 

imBTC is an ERC-777 token, meaning it has a central registry controlled by the operator, Tokenlon DEX. Owing to this centralized registry, the stolen tokens can be blacklisted, deeming them unredeemable and effectively useless. 

HuobiBTC is an ERC-20 token that represents a claim on BTC. This is also operated by Huobi and only redeemable on their platform.

Centralized exchanges tend to blacklist addresses associated with hacks almost immediately, which means the exploiter would find it difficult to redeem Huobi BTC as well.

The rest of the tokens, such as DAI, ETH, KNC, BAT, and others, could have been kept by the hacker as Uniswap and other DeFi protocols don’t blacklist addresses.

The potential outcome could be a truce between the dForce hacker and LendfMe, whereby the latter returns the stolen assets and receives a bounty of sorts. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.