Unknown attackers exploited a security hole at the Chinese DeFi platform dForce and made off with the equivalent of 25 million US dollars in various cryptocurrencies. In a surprising turnaround, the money was then transferred back.
When the alarm went off at dForce this weekend, it was already too late. The Chinese DeFi platform could only trace, at a technical level, how deposits in various cryptocurrencies worth 25 million US dollars had flowed out of its own accounts to unknown addresses. According to initial findings, the perpetrators had taken advantage of a problem with ERC777 tokens in combination with smart contracts from Lendf.me, dForce announced in a blog post. dForce founder Mindao Yan personally took responsibility for the disaster and announced at the same time: "We are working closely with crypto exchanges to put the stolen coins on blacklists." This measure was apparently successful, because in the following days the loot flowed back to Lendf.me and dForce. According to Etherscan data, almost all coins are now back with their rightful owners.
What the hack at Lendf.me and dForce teaches
Experts see strong parallels between what happened at Lendf.me and dForce and the infamous DAO hack of 2016, where attackers had also exploited a vulnerability in smart contracts on the Ethereum blockchain. The DAO hack ultimately led to the split into Ethereum (ETH) and Ethereum Classic (ETC). However, such a scenario is not to be expected this time, as actual monetary damage apparently loomed only for a short time. Due to the unexpected repayments, Lendf.me and dForce are probably back on a financially secure footing.
But the spectacular coup shows weaknesses in DeFi. When decentralized protocols process financial transactions fully automatically, even a small programming error can lead to devastating results. DeFi simply does not allow a transfer to be reversed; there is no central clearing house that can intervene manually if necessary. Will the hack of 2020 lead to a lasting loss of confidence in DeFi? At the very least, proponents of DeFi will probably concern themselves much more with the technological foundations than before.
Investors beware: Do not blindly trust DeFi solutions
The brave new world of cryptocurrencies and innovative solutions for the financial markets rightly promises further enormous profit opportunities. However, not everything that is already implemented in practice under the generic term DeFi meets justified security requirements. As an investor, it is up to you, especially with complex smart contracts, to weigh up with technological background knowledge which providers deserve your trust. At IOTA, for example, a hack recently revealed that the internal security system had been dangerously sloppy at a crucial point.