Two cryptocurrency players fell victim to separate cyberattacks over the weekend of April 18 and 19. While the investigation continues, the two hacks nevertheless appear to be closely linked.
According to the information released, the hackers reportedly exploited bugs and features of several blockchain technologies to carry out a "reentrancy" attack. This technique exploits a flaw in the system to target smart contracts and thus illegally drain funds.
In this way, attackers can repeatedly perform the same withdrawal operation before the initial transaction is processed (accepted or refused) by the platform. For the Lendf.me lending protocol, the cyberattack resulted in the withdrawal of at least $25 million in Ether and Bitcoin from its wallet.
According to the head of Compound, Robert Leshner, interviewed by Coindesk, the Lendf.me hack follows the attack on Uniswap. More precisely, it was the exchange's imBTC tokens that were targeted.
He stresses that imBTC, an ERC-777 token, is "not a normal Ethereum asset". Consequently, smart contracts that handle imBTC must be given additional security measures to prevent reentrancy attacks.
Tokenlon, the company behind the imBTC token, points out that this standard does not present any security flaws, "to its knowledge". It believes that it is the combination of ERC777 tokens with the Uniswap / Lendf.Me contracts that is at the origin of the cyberattack.
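The mechanism described above, as an added example that is not code from Lendf.me, Uniswap or Tokenlon: a simplified Python model of a token that calls a hook on the recipient during a transfer (as ERC-777 allows) and a vault that pays out withdrawals, comparing a balance update made after the transfer with one made before it. All class and function names, and the amounts, are hypothetical.

```python
# Simplified model (constructed for illustration): a token whose transfer calls
# a hook on the recipient, as ERC-777 does, and a vault paying out withdrawals.
class HookToken:
    def __init__(self):
        self.balances = {}

    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient token balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = getattr(recipient, "tokens_received", None)
        if hook:
            hook(amount)  # control passes to the recipient mid-transfer

class Vault:
    def __init__(self, token, hardened):
        self.token, self.hardened, self.deposits = token, hardened, {}

    def withdraw(self, user, amount):
        if self.deposits.get(user, 0) < amount:
            raise ValueError("insufficient deposit")
        if self.hardened:
            self.deposits[user] -= amount            # effect first
            self.token.transfer(self, user, amount)  # then interaction
        else:
            self.token.transfer(self, user, amount)  # hook runs here...
            self.deposits[user] -= amount            # ...before this update

class ReentrantRecipient:
    """Recipient whose hook asks for the same withdrawal again."""
    def __init__(self, vault):
        self.vault, self.hook_calls = vault, 0

    def tokens_received(self, amount):
        self.hook_calls += 1
        if self.hook_calls < 3:
            try:
                self.vault.withdraw(self, amount)
            except ValueError:
                pass  # hardened vault refuses: deposit already debited

def run(hardened):
    """Return (recipient tokens, vault tokens) after one withdrawal of 10."""
    token = HookToken()
    vault = Vault(token, hardened)
    user = ReentrantRecipient(vault)
    token.balances[vault] = 30   # 10 owed to `user`, 20 to other depositors
    vault.deposits[user] = 10
    vault.withdraw(user, 10)
    return token.balances[user], token.balances[vault]
```

With the update made after the transfer, `run(False)` leaves the vault empty; with the update made first, `run(True)` pays out only the 10 tokens actually owed.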
To steal the cryptocurrencies, the hackers also used a public exploit, published on GitHub last summer. The vulnerability had been disclosed by OpenZeppelin, a company specializing in the security of crypto platforms.
The damage is substantial for Uniswap and Lendf.me. The services reportedly lost, respectively, between 300,000 and 1.1 million dollars, and more than 24.5 million for the DeFi protocol (belonging to the dForce Foundation). The two platforms have taken their services offline to prevent further intrusions.
As for Tokenlon, it announced that it had suspended its imBTC token and blocked all new transactions. The goal: to prevent the same technique from being used against other services that share the same characteristics and are therefore potentially vulnerable.