{"id":219154,"date":"2021-04-05T08:57:45","date_gmt":"2021-04-05T05:57:45","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/defi-aggregator-raided-by-five-hackers-on-launch-day\/"},"modified":"2021-04-05T08:57:45","modified_gmt":"2021-04-05T05:57:45","slug":"defi-aggregator-raided-by-five-hackers-on-launch-day","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/defi-aggregator-raided-by-five-hackers-on-launch-day\/","title":{"rendered":"# DeFi aggregator raided by five hackers on launch day"},"content":{"rendered":"<p>&#8220;<strong># DeFi aggregator raided by five hackers on launch day <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDQvMzIzYzdmNjEtNmE5Ni00ZTc2LTlmZjQtNzJjZTdlMGVkNTYxLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>Fledgling decentralized finance protocol ForceDAO has had a rough start, with several incursions from hackers taking place just hours after it launched.<\/p>\n<p>The Ethereum-based yield aggregator had only just launched its airdrop campaign on April 3 when four malicious \u201cblack-hat\u201d hackers managed to drain a total of 183 ETH worth approximately $367,000 at the time. 
One friendly &#8220;white-hat&#8221; hacker also assisted the team by alerting them to prevent further losses.<\/p>\n<p>The team has released a post-mortem of the attacks and taken responsibility for what it termed as an \u201cengineering oversight.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">POST-MORTEM<\/p>\n<p>To the Force and DeFi community, we&#8217;d like to share a post-mortem on the recent xFORCE exploit.<\/p>\n<p>Thanks to everyone technical and non-technical who helped along the way.<\/p>\n<p>Especially to the White Hat who helped deter FORCE getting drained.<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/MK2GH69yLd\">https:\/\/t.co\/MK2GH69yLd<\/a><\/p>\n<p>\u2014 Force (@force_dao) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/force_dao\/status\/1378764434026287104?ref_src=twsrc%5Etfw\">April 4, 2021<\/a><\/p><\/blockquote>\n<p>Following the incursion, the team made a decision to transfer 60 million FORCE tokens from the treasury multi-signature wallet into a deployer wallet to create and execute three votes that would effectively burn the FORCE balances in three of the hackers\u2019 addresses.<\/p>\n<p>The post-mortem explained that the xFORCE platform affected was a fork of a SushiSwap smart-contract containing a mechanism to revert tokens in the event of failed transactions. The protocol describes xFORCE as the \u201cinterest-bearing\u201d version of FORCE, representing shares in its pools similar to how LP tokens work. <\/p>\n<p>A flaw in the contract used by ForceDAO enabled the attackers to exploit this mechanism to mint xFORCE tokens which were then withdrawn and exchanged for ETH on the markets. 
The team acknowledged the attack would have been relatively easy to prevent.<\/p>\n<blockquote><p>\u201cThis could\u2019ve been prevented by using a standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract.\u201d<\/p><\/blockquote>\n<p>It added that the hack was currently under investigation as some of the addresses originated from the popular exchanges FTX and Binance. A snapshot will be taken and the project will be re-launched with a new xFORCE token, it added.<\/p>\n<p>Following the launch and airdrop, FORCE token prices surged to over $2 on Apr. 4, but have since crashed over 95% to $0.05 at the time of writing. <\/p>\n<\/div>\n<p><span 
style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/defi-aggregator-raided-by-five-hackers-on-launch-day\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# DeFi aggregator raided by five hackers on launch day &#8221; Fledgling decentralized finance protocol ForceDAO has had a rough start, with several incursions from hackers taking place just hours after it launched. The Ethereum-based yield aggregator had only just launched its airdrop campaign on April 3 when four malicious \u201cblack-hat\u201d hackers managed to drain&#8230;<\/p>\n","protected":false},"author":1,"featured_media":219155,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDQvMzIzYzdmNjEtNmE5Ni00ZTc2LTlmZjQtNzJjZTdlMGVkNTYxLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,74882,70944,70513,4965],"class_list":["post-219154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-hacks","tag-hackers","tag-hacking","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/219154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=219154"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/219154\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en
\/wp-json\/wp\/v2\/media\/219155"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=219154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=219154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=219154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}