ForceDAO Exploited for $367K after Launch Due to "Engineering Oversight"

Monday, 05/04/2021 | 09:20 GMT by Rachel McIntosh
  • At press time, the price of FORCE was roughly $0.07, down from a high of $2.
ForceDAO Exploited for $367K after Launch Due to "Engineering Oversight"
FM

ForceDAO, a newly-launched DeFi aggregator, seems to have gotten off on the wrong foot. Hours after it launched, several malicious hackers managed to exploit 183 ETH, worth roughly $367,000, from the platform. A 'white hat' hacker alerted the team and helped to prevent further losses from being incurred.

In a post-mortem report of the attack, ForceDAO has explained that the hackers were able to abscond with the funds due to an 'engineering oversight'. According to CoinTelegraph, the ForceDAO team made the decision to transfer 60 million FORCE tokens from the platform’s treasury wallet into a 'deployer' wallet. This will begin the process of burning the balance of FORCE tokens that have been moved to the hacker’s wallet addresses.

In addition, the platform clarified in the post-mortem that: “all funds on our platform are safe, only xFORCE was affected.”

What Happened?

According to the post-morterm, the hackers exploited a Fork of a SushiSwap Smart Contract . The smart contract contained a mechanism that could revert tokens that were used in failed transactions. Hackers exploited a flaw in this contract that essentially allowed them to mint xFORCE tokens, which were then withdrawn and exchanged for ETH.

The ForceDAO team has acknowledged that the exploitation was preventable: “This could’ve been prevented by using a standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract,” the team said.

From the post-mortem:

Moreover, the team noted that some of the addresses that allegedly belong to hackers originate from two popular cryptocurrency exchanges: FTX and Binance. The ForceDAO team wrote that: “we’re currently engaged with 2 separate security firms to review and analyze our repos to ensure all contract systems perform as designed.”

As a result of the drama surrounding the launch, FORCE token prices have dropped significantly. CoinTelegraph reported that: “following the launch and airdrop, FORCE token prices surged to over $2 on Apr. 4, but have since crashed over 95% to $0.05” as of 8am GMT on April 5th. At press time, the price of FORCE was roughly $0.07.

ForceDAO, a newly-launched DeFi aggregator, seems to have gotten off on the wrong foot. Hours after it launched, several malicious hackers managed to exploit 183 ETH, worth roughly $367,000, from the platform. A 'white hat' hacker alerted the team and helped to prevent further losses from being incurred.

In a post-mortem report of the attack, ForceDAO has explained that the hackers were able to abscond with the funds due to an 'engineering oversight'. According to CoinTelegraph, the ForceDAO team made the decision to transfer 60 million FORCE tokens from the platform’s treasury wallet into a 'deployer' wallet. This will begin the process of burning the balance of FORCE tokens that have been moved to the hacker’s wallet addresses.

In addition, the platform clarified in the post-mortem that: “all funds on our platform are safe, only xFORCE was affected.”

What Happened?

According to the post-morterm, the hackers exploited a Fork of a SushiSwap Smart Contract . The smart contract contained a mechanism that could revert tokens that were used in failed transactions. Hackers exploited a flaw in this contract that essentially allowed them to mint xFORCE tokens, which were then withdrawn and exchanged for ETH.

The ForceDAO team has acknowledged that the exploitation was preventable: “This could’ve been prevented by using a standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract,” the team said.

From the post-mortem:

Moreover, the team noted that some of the addresses that allegedly belong to hackers originate from two popular cryptocurrency exchanges: FTX and Binance. The ForceDAO team wrote that: “we’re currently engaged with 2 separate security firms to review and analyze our repos to ensure all contract systems perform as designed.”

As a result of the drama surrounding the launch, FORCE token prices have dropped significantly. CoinTelegraph reported that: “following the launch and airdrop, FORCE token prices surged to over $2 on Apr. 4, but have since crashed over 95% to $0.05” as of 8am GMT on April 5th. At press time, the price of FORCE was roughly $0.07.

About the Author: Rachel McIntosh
Rachel McIntosh
  • 1509 Articles
  • 59 Followers
About the Author: Rachel McIntosh
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.
  • 1509 Articles
  • 59 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}