• $3.6 million was stolen from the DeFi protocol dForce due to a reentrancy attack on the Arbitrum and Optimism chains.
• The attack exploited a vulnerability in a smart contract used by dForce to calculate oracle prices when connected to Curve Finance.
• DeForce has paused all contracts to prevent additional losses and stressed that user funds remain safe.
Overview of Attack
DeFi protocol dForce suffered a loss of over $3.6 million, which the hacker was able to siphon off thanks to a reentrancy attack executed on the Arbitrum and Optimism chains. The attack was due to a vulnerability in a smart contract function that allowed users to calculate oracle prices when connected to Curve Finance.
Over $3.6 Million Lost A hacker was able to siphon off $3.6 million worth of cryptocurrency through a reentrancy attack on the dForce DeFi protocol. The hacker was able to target the protocol’s vault on Curve Finance, an automated market maker (AMM) platform operating on the Arbitrum and Optimism blockchains. The hack was brought to light by Twitter user @ZoomerAnon who tweeted that dForce had lost around $1.7 million through a series of flash loan transactions executed on the Optimism Chain. Blockchain security firm PeckShield confirmed the attack and put the damages at around 2300 ETH, worth around $3.65 million.
DeForce also confirmed the attack on its official Twitter handle, adding that it had paused all vaults to avoid additional damage. “On Feb 10, our wstETH/ETH Curve vaults on Arbitrum & Optimism were exploited, and we immediately paused all vaults,” they said in their post.”The vulnerability is identified, and the exploit was specific to dForce’s wstETH/ETH-Curve vault… Users’ funds supplied to dForce Lending, and other vaults are SAFE.”
Details Of The Attack
According to the available details about the attack, the hacker was able