Hackers targeted two cryptocurrency platforms, the Uniswap crypto exchange and the Lendf.me lending platform. As reported, the hackers managed to steal cryptocurrency worth $25 million from both platforms.
Two Cryptocurrency Platforms Targeted
Reportedly, hackers have recently targeted two cryptocurrency platforms, Uniswap and Lendf.me, to steal crypto assets worth $25 million. Uniswap is a cryptocurrency exchange, whereas Lendf.me is a cryptocurrency lending platform.
Briefly, the attackers exploited a reentrancy vulnerability to target both services. Both Uniswap and Lendf.me had a few things in common, which may have triggered similar attacks. These include the involvement of the Lendf.me protocol (powered by the dForce decentralized finance (DeFi) protocol), the imBTC token (powered by imToken), and ERC-777 – an underlying technology of the Ethereum blockchain facilitating smart contracts. The same technology empowers imBTC and the DeFi protocol to run as smart contracts.
According to an analysis shared by PeckShield, a blockchain security firm, the attackers exploited a reentrancy vulnerability due to the incompatibility of ERC-777 with both smart contracts.
The main logic behind these two incidents is the incompatibility between ERC777 and those DeFi smart contracts, which could be misused by the attacker to totally hijack a normal transaction and perform additional illicit operations.
Meanwhile, imToken has also elaborated on the same reason for the attack.
The ERC-777 token standard has — to our knowledge — no security vulnerabilities. However, the combination of using ERC777 tokens and Uniswap/Lendf.Me contracts enables the above mentioned reentrancy attacks.
Regarding how the attackers could conduct this attack, imToken hinted towards a 2019 exploit available on GitHub.
$25 Million Worth Of Crypto Stolen
Together in both incidents, the attackers managed to pilfer $25 million worth of cryptocurrency.
Following the attack, imToken suspended the imBTC contract to investigate the matter. They will resume services once both Uniswap and Lendf.me give them the green signal to do so.
As a potential mitigation to avoid reentrancy attacks, PeckShield recommends using the Checks-Effects-Interactions design pattern.
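To illustrate that recommendation, the following Python model (an added example, not code from PeckShield, imToken or either platform) shows a pool paying out a token that calls a recipient hook during transfer, as ERC-777 does, with the balance update placed after versus before the external call. All class and function names are hypothetical, the balances are constructed, and the model is a simplification rather than a reconstruction of either incident.

```python
# Added illustration; every name is hypothetical and all balances are constructed.
class HookToken:
    # Ledger that calls the recipient's hook on transfer (ERC-777 style).
    def __init__(self):
        self.balances = {}
    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient token balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = getattr(recipient, "tokens_received", None)
        if hook:
            hook(sender, amount)  # control passes to the recipient here

class Pool:
    def __init__(self, token, cei):
        self.token, self.cei, self.credit = token, cei, {}
    def deposit(self, user, amount):
        self.token.transfer(user, self, amount)
        self.credit[user] = self.credit.get(user, 0) + amount
    def withdraw(self, user, amount):
        if self.credit.get(user, 0) < amount:        # Checks
            raise ValueError("insufficient credit")
        if self.cei:
            self.credit[user] -= amount              # Effects
            self.token.transfer(self, user, amount)  # Interactions
        else:
            self.token.transfer(self, user, amount)  # interaction first
            self.credit[user] -= amount              # effect applied too late

class ReentrantUser:
    # Test double whose hook calls withdraw() once more during the payout.
    pool, reentered = None, False
    def tokens_received(self, sender, amount):
        if sender is self.pool and not self.reentered:
            self.reentered = True
            try:
                self.pool.withdraw(self, amount)
            except ValueError:
                pass  # nested call rejected by the credit check

def run(cei):
    """Return (user tokens, pool tokens, user credit) after one withdraw."""
    token, honest, user = HookToken(), object(), ReentrantUser()
    pool = user.pool = Pool(token, cei)
    token.balances.update({honest: 100, user: 10})
    pool.deposit(honest, 100)
    pool.deposit(user, 10)
    pool.withdraw(user, 10)
    return token.balances[user], token.balances[pool], pool.credit[user]
```

With the effect applied after the transfer, the pool ends up holding 90 tokens against 100 of credit owed to the other depositor; with Checks-Effects-Interactions ordering the nested call fails the credit check and the accounting stays consistent.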