Four malicious hackers attacked ForceDAO on the day of its launch.
The fledgling decentralized financial protocol ForceDAO is off to a rocky start, with several hacker raids taking place just hours after its launch.
The Ethereum-based yield aggregator had just launched its airdrop campaign on April 3 when four malicious “black hat” hackers managed to drain a total of 183 ETH worth roughly $ 367,000 at the time. A “white hat” hacker also helped the team by alerting them to avoid further losses.
Renowned Stock Analyst Believes Bitcoin Will Eclipse Gold’s $ 10 Million Market Cap
The team has published a post mortem of the attacks and has taken responsibility for what it called an “engineering oversight”.
Following the raid, the team made the decision to transfer 60 million FORCE tokens from the treasury multi-signature wallet to a deployer wallet to create and execute three votes that would effectively burn FORCE balances at three of the hackers’ addresses.
Chainlink launches native Substrate module to bring its oracles to Polkadot
The autopsy explained that the affected xFORCE platform was a fork of a SushiSwap smart contract that contained a mechanism to roll back tokens in the event of failed transactions. The protocol describes xFORCE as the “interest bearing” version of FORCE, representing shares in your funds, similar to how LP tokens work.
A flaw in the contract used by ForceDAO allowed attackers to exploit this mechanism to mint xFORCE tokens which were then withdrawn and exchanged for ETH in the markets. The team acknowledged that the attack would have been relatively easy to prevent.
“This could have been avoided by using a standard Open Zeppelin ERC-20 or by adding a safeTransferFrom wrapper in the xSUSHI contract.”
The bitcoin boom could be fueling interest in the digital yuan, according to the People’s Bank of China
He added that the hack was currently under investigation as some of the addresses originated from the popular FTX and Binance exchanges. A snapshot will be taken and the project will be relaunched with a new xFORCE token, he added.
Following the launch and airdrop, FORCE token prices rose to more than $ 2 on April 4, but have since plummeted more than 95% to $ 0.05 at press time.
