Force DAO protocol has been hacked, its token plunges by 95%.
A DeFi hedge fund, Force DAO, has suffered an attack by a hacker that has found a bug in the xFORCE contract, draining a total of 14.8 million worth of FORCE token.
The attack happened after the protocol had organized an airdrop yesterday, distributing FORCE tokens to its users. The token plunged by at least 95% after the protocol confirmed the attack, going from $2.30 to $0.26.
The protocol has confirmed the attack through Twitter and published a post-mortem a few hours later. According to them, Force DAO is now working with two different security firms to review and analyze the said contracts.
Other Attackers have Taken Advantage
The first hacker discovered a bug in the xFORCE contract’s code that has returned a false value when the amount transferred has exceeded the account’s balance instead of reverting it.
Mudit Gupta, a technical advisor, stated that this allowed anyone to call the “Deposit” function without even holding FORCE tokens. The attacker minted xFORCE tokens from the contract without having to lock them in the vault.
Force DAO stated that the hacker returned the funds to the pools after finding vulnerability of the contract’s code. Other attackers have taken advantage of it and have drained millions of dollars, exchanging the funds on Uniswap and Sushiswap.
Other attackers have followed suit, draining the pool’s liquidity and taking over $20 million FORCE tokens in only a matter of hours.
Force DAO is the latest DeFi protocol that is subject to millions of funds lost. Just a few days ago, TurtleDex, a Binance Smart Chain-based protocol rug, pulled its investors, draining a total of $2.5 million out of the liquidity pools.
To get the latest Cryptocurrency, Blockchain, and Crypto-mining news, please join our Telegram Channel (Note: You may be prompted to install the Telegram App on your Mobile Phone, PC, or Mac – No worries, it’s safe)