- Black-hat hackers hack ForceDao project on launch date.
- How hackers hit DeFi project.
New Ethereum decentralized finance project, ForceDao has been left wounded after it was hit massively by black-hat hackers some hours after its launch. Several million were moved out of the platform until a whitehat hacker discovered the bug.
The developers of the project, however, have claimed responsibility for the attack describing it as an engineering oversight. ForceDAO announced last week that they would airdrop tokens to people using the DeFi protocol to attract more users and ensure a fair launching. 25 million FORCE token was set aside to be distributed to users of AAVE, Balancer, Marker DAO, Vesper, and Yearn finance.
The airdrop went awry, thanks to these hackers. After they moved millions out of the project, the price of ForceDao also dropped drastically by close to 90 percent.
The developers noted that the hack was being investigated and that certain addresses originated from the FTX and Binance exchange. They said a snapshot would be taken, and the project would be relaunched with a new XFORCE token.
How Black-hat hackers got in ForceDao
Gupta noted that the black-hat hackers manipulated the way xFORCE token are handled and forced out these coins.
“In the FORCE token, the transfer functions return false rather than reverting when the sender doesn’t have enough balance. The xFORCE contract assumes FORCE will revert and does not handle the returned value,” Gupta said. Gupta stated that over five hackers seemed to have attacked the project after reviewing the alleged hackers’ various addresses. One was a ‘whitehat’ hacker who promptly returned the funds to the network, but the others sold their proceeds.
The hackers dumped nearly $350,000 worth of ETH in all. ForceDAO, on its part, issued an advisory that cautioned users to avoid trading on any exchanges until the issue was solved.