The exploited funds have been returned to to Optimism and Arbitrum vaults, according to DForce, a decentralized financial system.
In a hacking attempt three days ago, users of the DeFi protocol lost money on Optimism and Arbitrum. On February 13, the dForce network experienced a security compromise, according to onchain security company Peckshield.
DForce lost around $3.65 million as a result of a reentrancy hack attack on two vaults. To safeguard the security of the remaining cash after the hack, dForce immediately paused the vaults.
Earlier today, dForce tweeted that all of the monies that had been misused have been returned to their multi-sig on both Optimism and Arbitrum. The tweet called it “a great finale for all” and added that the company would pay all affected users.
The dForce team referred to the exploiter who came forward as a “whitehat,” per the tweet. They agreed to offer a bounty and discontinue all inquiries and legal actions after engaging in negotiations with the exploiter.
Peckshield claims that despite the damages affecting three crypto assets, the breach only compromised the Arbitrum and Optimism layers. Fortunately, other components of the protocol were still secure and functional in dForce Lending. They made a pledge to provide a thorough report later but did not provide any other details on the hack.
DForce finds a means to avoid the abuseBlockSec, a blockchain security network, supported Peckshield by identifying the attack and connecting it to the read-only reentrancy surrounding the curve pool.
The oracle price that the dForce Lending protocol uses can also be easily manipulated by the attacker, according to BlockSec. DForce protocol also expressed gratitude to various security communities and platforms for their assistance and support.
Notably, SlowMist, a blockchain security company, was acknowledged in the protocol for helping with the research. The security team for the protocol acknowledged spending more than $3 million over the last few years on security audits and bounty schemes.
Furthermore, they are prepared to increase their bounty program’s scope in order to promote more ethical hacking because maintaining security is a never-ending task.
