dForce loses $3.65 million in a hack attack, reports show

dForce network just recently suffered a severe hack attack with losses exceeding about $3.65 million, according to reports. 

Peckshield alerts of hack on dForce

After recording many attacks in 2022, the crypto space started 2023 with a similar tune. Earlier on Feb. 10, PeckShield alerted to a hack attack on dForce net, estimating that the losses amounted to about $3.65 million.

The estimated loss of today's @dForcenet hack is ～$3.65M (w/ 1,236.65 ETH + 719,437 USX on @arbitrum and 1,037,492 USDC on @optimismFND). Our initial analysis shows the root cause is an oracle price issue. More details to come! https://t.co/PEzoX1emdp pic.twitter.com/tI9BPcfvWH

— PeckShield Inc. (@peckshield) February 10, 2023

Peckshield highlighted that the funds were stolen across two layers: Arbitrum and Optimism. According to a tweet posted by PeckShield, the losses reported were connected to three different crypto assets. For instance, Peckshiled noted that dForce lost about 1,236.65 ETH and 719,437 USX live from the Arbitrum layer two protocol. 

Furthermore, the PeckShield network also highlighted that about 1,037,492 USDC stolen were on @optimismFND). The reports indicate that their “initial analysis shows the root cause is an oracle price issue.” The total loss is around $1.91 million on Arbitrum and $1.73 million on Optimism. 

In the tweet, PeckShield asked dForce to look into the exploit. Close to an hour later, dForce confirmed the attack as first reported by PeckShield. The network noted that the Curve gauge vaults of wstETH/ETH on Arbitrum & Optimism were exploited recently.

wstETH/ETH Curve gauge vaults on Arbitrum & Optimism were exploited a few hours ago, and we immediately paused the dForce Vaults – other parts of the protocol remain intact and user funds are SAFE with dForce Lending.

We will come back with a detailed report and remedies soon.

— dForce (@dForcenet) February 10, 2023

dForce noted that they identified the issues a few hours before and immediately paused the dForce vaults to contain the situation. However, they noted that many other parts of this protocol remain in operation, and the funds are safely held in dForce Lending. However, dForce didn’t mention all the details concerning the attack at the time of posting. They promised to release a detailed report highlighting the remedies soon. 

Others identified the hack

Peckshield also noted that one of its community contributors, @ZoomerAnon, also noticed the problem with the dForce flash loan exploit.

According to another blockchain security network BlockSec, the leading cause of this recent problem is a read-only reentrancy attack around the curve pool. BlockSec noted that price oracle leveraged by dForce’s lending protocol is easily manipulatable by attackers. Once the attacker manipulates the oracle, they can liquidate positions at favorable prices and make profits.

1/ @dForcenet attacked in both @arbitrum and @optimismFND . The root cause is the well-known read-only reentrancy in the curve pool. pic.twitter.com/oMCBwspqPl

— BlockSec (@BlockSecTeam) February 10, 2023

Some of the dForce community members had complaints of their own. They noted that dForce had a low bug bounty paid in their own DF token. This was not enough “for a blackhat to turn whitehat.”