DForce, a decentralized finance protocol, has announced that all the exploited funds have been returned to Optimism and Arbitrum vaults. The DeFi protocol users lost funds on Arbitrum and Optimism in a hack attack three days ago.

On Feb. 13, onchain security firm Peckshield noticed a security breach on the dForce network. DForce had suffered a reentrancy hack attack on two vaults and lost about $3.65 million. After the hack, dForce immediately paused the vaults to ensure the safety of the remaining funds.

In a tweet earlier today, dForce announced that the exploited funds had been fully returned to their multi-sig on both Arbitrum and Optimism. The tweet also stated that the firm would compensate all impacted users, calling it “a perfect ending for all.”

2/5 Shortly after the incident, we entered into conversations with the exploiter, who came forward as a whitehat. We have agreed to offer a bounty and will drop all on-going investigation and law enforcement actions.

— dForce (@dForcenet) February 13, 2023
According to the tweet, the dForce team identified the exploiter who came forward as a ‘whitehat.’ They then started negotiations with the exploiter and agreed to offer a bounty and drop all investigations and law enforcement actions.

Despite the hack being on Arbitrum and Optimism layers, the losses affected three crypto assets, according to Peckshield. Fortunately, other parts of the protocol remained operational and secure in dForce Lending. They did not divulge any further information about the hack but promised to give a detailed report later.

Hi @dForcenet , you may want to take a look: https://t.co/htCZcVXvYJ

— PeckShield Inc. (@peckshield) February 10, 2023
dForce finds a way around the exploitation

Endorsing Peckshield, blockchain security network BlockSec flagged the hack and linked it to the read-only reentrancy around the curve pool. BlockSec also noted that the attacker could easily manipulate the oracle price used by the dForce Lending protocol.

DForce protocol also acknowledged other security platforms and communities for their help and support. Notably, the protocol thanked SlowMist, a blockchain security firm, for assisting in the investigation.

The protocol’s security team admitted to spending >$3 million on security audits and bounty programs over the past few years. Moreover, they are ready to double down on expanding their bounty program to encourage more responsible hacking, as security is a never-ending exercise.

Leave a Reply

Your email address will not be published. Required fields are marked *

WP Twitter Auto Publish Powered By : XYZScripts.com