ForceDAO, a newly-launched DeFi aggregator, seems to have gotten off on the wrong foot. Hours after it launched, several malicious hackers managed to exploit 183 ETH, worth roughly $367,000, from the platform. A ‘white hat’ hacker alerted the team and helped to prevent further losses from being incurred.
In a post-mortem report of the attack, ForceDAO has explained that the hackers were able to abscond with the funds due to an ‘engineering oversight’. According to CoinTelegraph, the ForceDAO team made the decision to transfer 60 million FORCE tokens from the platform’s treasury wallet into a ‘deployer’ wallet. This will begin the process of burning the balance of FORCE tokens that have been moved to the hacker’s wallet addresses.
To the Force and DeFi community, we’d like to share a post-mortem on the recent xFORCE exploit.
Thanks to everyone technical and non-technical who helped along the way.
Especially to the White Hat who helped deter FORCE getting drained.https://t.co/MK2GH69yLd
— Force (@force_dao) April 4, 2021
Want to Stay Ahead of the Curb in 2021? You’ll Need Your Data in Real TimeGo to article >>
In addition, the platform clarified in the post-mortem that: “all funds on our platform are safe, only xFORCE was affected.”
According to the post-morterm, the hackers exploited a fork of a SushiSwap smart contract. The smart contract contained a mechanism that could revert tokens that were used in failed transactions. Hackers exploited a flaw in this contract that essentially allowed them to mint xFORCE tokens, which were then withdrawn and exchanged for ETH.
The ForceDAO team has acknowledged that the exploitation was preventable: “This could’ve been prevented by using a standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract,” the team said.
Moreover, the team noted that some of the addresses that allegedly belong to hackers originate from two popular cryptocurrency exchanges: FTX and Binance. The ForceDAO team wrote that: “we’re currently engaged with 2 separate security firms to review and analyze our repos to ensure all contract systems perform as designed.”
As a result of the drama surrounding the launch, FORCE token prices have dropped significantly. CoinTelegraph reported that: “following the launch and airdrop, FORCE token prices surged to over $2 on Apr. 4, but have since crashed over 95% to $0.05” as of 8am GMT on April 5th. At press time, the price of FORCE was roughly $0.07.