Co-Founder CakeDeFi & I-Unlimited, Bestselling Author, Keynote Speaker, Medical Doctor, Athlete
8:58 AM. SCT on April 18:
An attacker used a vulnerability in Uniswap and ERC777 to launch an attack.
The partners try to patch it… Lendf.me says everything is ok… Well…
The capital in dForce dropped by 99.9%!
This is just one of many attacks in recent months and years:
Reentrancy attacks allow hackers to repeatedly withdraw funds in a loop before the original transaction is approved or rejected.
The token standard ERC-777 has — according to Tokenlon, the company behind imBTC — no security gaps.
BUT: However, the combination of the use of ERC-777 tokens and Uniswap/Lendf.me made the reentrancy attacks possible.
The bummer: It appears that the hackers used an exploit published on GitHub in July 2019 by OpenZeppelin, a company that performs security checks for cryptocurrency platforms.
Wrong risk / benefit assessment of Turing-Komplett Smart Contract platforms, where everything is possible — greed often eats brains here:
1- Better risk assessment of users
2. Better audits
3. No Turing complete DeFi? Example: https://DeFiChain.io or others
Negotiate with hackers for refunds and commissions:
Confidence-building possible again?
A lot of people lost their money through this hack. The exciting question now will be, how does LendfMe deal with this and how do the members react in the long run?
In the crypto area we have now witnessed some hacks, some were quickly forgotten and trust was quickly rebuilt. Like the hack from Binance, for example. Binance reacted extremely quickly and compensated all those affected, so Binance was able to quickly regain trust. On the other hand, as with Mt. Gox, there was a total loss…
We will find out in the next few days/weeks what exactly happens next.
Your opinion? Should “bad code must die” be implemented?
Cash flow from crypto-currencies secure and verified — but (still) centralized: https://cakedefi.com
Also check https://defichain.io for non-turing-complete DeFi, where such things should not happen in the future.