dForce, a Chinese decentralized finance protocol, had its wstETH/ETH Curve gauge vaults on Arbitrum and Optimism exploited a few hours ago, and the amount involved exceeds $1.7 million.
The wstETH/ETH Curve gauge vaults on Arbitrum and Optimism were reported to have been hacked. dForce acted quickly, reportedly pausing the dForce Vaults as soon as the problem was discovered.
Later, the company assured customers that other components of the protocol had not been compromised and that their funds with dForce remained secure.
“wstETH/ETH Curve gauge vaults on Arbitrum & Optimism were exploited a few hours ago, and we immediately paused the dForce Vaults – other parts of the protocol remain intact and user funds are SAFE with dForce Lending,” dForce wrote on Twitter.
We will come back with a detailed report and remedies soon.
1/ @dForcenet attacked in both @arbitrum and @optimismFND. The root cause is the well-known read-only reentrancy in the curve pool. pic.twitter.com/oMCBwspqPl
— BlockSec (@BlockSecTeam) February 10, 2023
The attack resulted in financial losses for the company. The price oracle used by the dForce lending protocol was susceptible to manipulation by the adversary. After manipulating it, the attacker took positions in order to profit from the skewed price.
Because the price of the dForce wstETHCRV-gauge asset was manipulated via reentrancy, the exploiter was able to liquidate a number of positions that used the wstETHCRV-gauge as collateral. This is what made the hack possible. It resulted in a 1.91 million loss on Arbitrum and a 1.73 million loss on Optimism.
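The read-only reentrancy described above can be seen in a toy model. This is an added example, not Curve or dForce code: the `ToyPool` class, its sum-based price formula and the `observe` helper are simplified assumptions made for illustration. It shows a price read taken while a withdrawal is half settled, next to a read that first checks the pool's reentrancy lock.

```python
# Toy model (constructed for illustration; not Curve or dForce code).

class ReentrantRead(Exception):
    """Raised when the price is read while the pool is mid-operation."""

class ToyPool:
    def __init__(self, eth, token, lp_supply):
        self.balances = [eth, token]
        self.lp_supply = lp_supply
        self.locked = False  # reentrancy flag set by state-changing calls

    def virtual_price(self):
        # View function with no lock check: readable during a withdrawal.
        return sum(self.balances) / self.lp_supply

    def checked_virtual_price(self):
        # Hardened read: refuse to answer while a state change is in flight.
        if self.locked:
            raise ReentrantRead("pool is mid-operation")
        return self.virtual_price()

    def remove_liquidity(self, lp_amount, on_receive_eth):
        self.locked = True
        share = lp_amount / self.lp_supply
        self.lp_supply -= lp_amount                    # 1. LP supply reduced first
        self.balances[0] -= self.balances[0] * share   # 2. ETH leg settled and sent
        on_receive_eth(self)                           # 3. recipient runs code here
        self.balances[1] -= self.balances[1] * share   # 4. token leg settled last
        self.locked = False

def observe(eth, token, lp_supply, withdraw):
    """Record what a price consumer would see before, during and after."""
    pool, seen = ToyPool(eth, token, lp_supply), {}

    def callback(p):
        seen["naive"] = p.virtual_price()              # inconsistent state
        try:
            seen["checked"] = p.checked_virtual_price()
        except ReentrantRead:
            seen["checked"] = None                     # read rejected

    seen["before"] = pool.virtual_price()
    pool.remove_liquidity(withdraw, callback)
    seen["after"] = pool.virtual_price()
    return seen

if __name__ == "__main__":
    print(observe(1000, 1000, 2000, 1000))
```

The price is correct before and after the withdrawal; only the unguarded read taken inside the callback is inflated, which is why an oracle consuming it needs the lock check.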
Poor security practices, unpatched software, phishing, social engineering, and insider attacks are all threats to cryptocurrency businesses. To reduce these risks, it’s critical to practise good security habits, keep software up to date, and choose the best way to store crypto assets.