Chinese decentralized finance (DeFi) protocol, dForce was hacked last week but the startup promised to make users whole again. The platform announced that it has fully compensated the victims through the funds that the hacker returned.
dForce Offers Full Refund After $25 Million Hack
As you will recall, a hacker exploited a vulnerability in the ERC-777 token pools to get to the funds of dForce, a Chinese-based DeFi protocol. The hacker then used the information learned from this breach to access the protocol’s Lendf.Me lending platform and drain the smart contract of approximately $24.95 million of liquidity.
Interestingly enough, the hacker returned the funds 48 hours later after accidentally exposing his identity. These funds have now been redistributed to their rightful owners.
A tweet by dForce on April 27 noted,
“Over 90% of assets have been distributed to users in less than 24 hours. 100% users have been made whole in the recovery. We will disclose more future actions shortly. Stay tuned.”
In a statement issued by the company on Sunday (April 26), the firm reiterated CEO Mindao Yang’s words that the platform had recovered most of the stolen cryptocurrencies with the help of its partners, law enforcement, investors, the community, and its team.
Procedure For Asset Withdrawals And Loan Repayments
Users of the platform are to request for withdrawals by simply logging in to the “Asset Recovery System” and confirming the Terms and Conditions.
The withdrawal requests will be addressed on a first-come-first-serve basis due to the huge volumes. The users who do not make any withdrawal requests will receive their refunds automatically within seven days.
Similarly, users with outstanding loans should repay the full amount within seven days before claiming their collateral. If they do not repay the borrowed assets by the due date, their collateral will be sold to repay outstanding loans and the remaining amount will be returned to the customer’s address in stablecoin form. Those who repay their loans will receive their collateral within 24 hours.
Measures To Ensure Asset Security Moving Forward
The statement on Sunday then described various measures that the dForce team has adopted to deal with the after-effects of the hack and to prevent any future attacks.
While refunding the victims of the hack is dForce’s “absolute priority” right now, the company will also be taking several actions to ensure that the assets under its management are secure, the post noted.
The company explained that it has been working tirelessly in the last three days to audit asset data using internal data and a third-party and to finalize the post-asset-redistribution plan to investors.
The firm stated that it has indefinitely paused the Lendf.Me contract due to the recent exploitation. Moreover, it has now built an Asset Recovery System to make it easy to return the stolen funds to their respective users’ original addresses.
The post also mentions that since the hacker returned the funds, the company has decided to rebalance most of the portfolio back to the last state before the attack. All the assets are now stored safely in a cold wallet.
Additionally, according to Mindao Yang’s blog post last week, dForce will be tapping top-rated third-party security consultants “to assist with a full audit and to help us with fortifying our future security practices.” With the help of these consultants, dForce “will introduce a rigorous, audited integration process when introducing assets into the dForce ecosystem.”