DForce confirms the return of exploited $3.65m to their vaults
DForce, a decentralized finance protocol, has announced that all the exploited funds have been returned to Optimism and Arbitrum vaults. The DeFi protocol users lost funds on Arbitrum and Optimism in a hack attack three days ago.
On Feb. 13, onchain security firm Peckshield noticed a security breach on the dForce network. DForce had suffered a reentrancy hack attack on two vaults and lost about $3.65 million. After the hack, dForce immediately paused the vaults to ensure the safety of the remaining funds.
In a tweet earlier today, dForce announced that the exploited funds had been fully returned to their multi-sig on both Arbitrum and Optimism. The tweet also stated that the firm would compensate all impacted users, calling it “a perfect ending for all.”
According to the tweet, the dForce team identified the exploiter who came forward as a ‘whitehat.’ They then started negotiations with the exploiter and agreed to offer a bounty and drop all investigations and law enforcement actions.
Despite the hack being on Arbitrum and Optimism layers, the losses affected three crypto assets, according to Peckshield. Fortunately, other parts of the protocol remained operational and secure in dForce Lending. They did not divulge any further information about the hack but promised to give a detailed report later.
dForce finds a way around the exploitation
Endorsing Peckshield, blockchain security network BlockSec flagged the hack and linked it to the read-only reentrancy around the curve pool. BlockSec also noted that the attacker could easily manipulate the oracle price used by the dForce Lending protocol.
DForce protocol also acknowledged other security platforms and communities for their help and support. Notably, the protocol thanked SlowMist, a blockchain security firm, for assisting in the investigation.
The protocol’s security team admitted to spending >$3 million on security audits and bounty programs over the past few years. Moreover, they are ready to double down on expanding their bounty program to encourage more responsible hacking, as security is a never-ending exercise.