The hacker who managed to mine $ 25 million in cryptocurrencies from the decentralized finance protocol, dForce, has returned almost everything stolen. Why did the dForce hacker decide to do it?
Obviously, the details of the dForce hack created a lot of uncertainty in the DeFi community. In particular, they questioned the company’s security practices.
The hacker of the moment
On April 19, dForce lost all its liquidity after a known vulnerability was exploited by the mysterious hacker.
In this way, according to the BBC, the hacker managed to obtain approximately $ 10 million in Ethereum (ETH), $ 10 million in stablecoins linked to the US dollar and an additional $ 4 million in other cryptocurrencies.
What has been reported is that the attack was carried out through a method known as Reentrancy. This allows attackers to continuously withdraw cryptocurrencies without any hassle until the status of the initial transaction changes.
However, the question at the moment is: Why go to so much trouble and then return the money? What made you change your mind? Or, on the contrary, was it always part of your plan?
Hacker dForce: a disinterested movement?
According to reports, the return occurred in two parts. First, on April 20, sources claim that the attacker returned $ 2.79 million. While, yesterday, the hacker returned the remaining amount.
However, a curious thing is that the hacker did not return exactly the same balance of assets that were stolen, but returned part of the value in other types of tokens. So he returned approximately the same amount but in different cryptos.
But, the most curious thing about the whole situation is that the hacker returned the money. There is no official explanation for this, however, Sergej Kunz, CEO of 1inch.exchange, assured The Block that the attacker was caught between the sword and the wall since his IP address was shared with the Singapore police.
In fact, on Sunday, according to the BBC, Mindao Yang, the founder of dForce, claimed that the attacker had tried to communicate with the team and therefore intended to enter into dialogue.
Yang also confirmed that the funds were returned and will be redistributed to their rightful owners. However, the nightmare for Yang and his team may not have ended here.
Are we really safe? Who are the culprits?
It seems to be a happy ending for those who have been victims of the attack. However, the fact that this happened has obviously raised questions in the community.
For its part, one of the most repeated criticisms in the community is that many consider dForce to be a clone of the Compound platform.
Another element that plays against the platform is that this type of attack is well known. So Taylor Monahan, CEO of mycrypto.com, commented to CoinTelegraph the following:
“All of this indicates that dForce is incompetent because 1) they did not write their own code but instead reused someone else’s code in a way prohibited by that code’s license and 2) they were unable to address an issue that once again came to light in the last days”he assured.
While Brian Kerr, CEO of Kava Labs, assured that, although the attacks can happen to any team, the truth is that the dForce incident is different. In this way, he expressed that the fault lies with both the dForce team and the users.
Kerr explains that part of the blame is borne by users for not properly informing themselves about the team behind the platform and its code base. This is how the CEO of Kava Labs emphasizes how important it is to be informed in this world.