Force DAO Price Crashes After Suffering a Hacking Attack
Force DAO Price Crashes After Suffering a Hacking Attack
Image: Force DAO Twitter
In brief
- Force DAO saw a devastating hacking attack this Sunday morning, causing its price to crash.
- The attackers breached its xFORCE contract, minting xFORCE tokens for free, then exchanging them for FORCE.
- After withdrawing the tokens, one of the attackers — presumably 5 of them — returned a portion of the funds.
Force DAO recently suffered a hacking attack, which resulted in a theft of over $376,000, after the attackers minted xFORCE and then exchanged it for FORCE before running with the money.
DeFi hedge fund known as Force DAO was attacked only 24 hours ago, which forced its price to start heading down at a rapid rate. Early Sunday morning, five attackers hit the website, according to one of the project’s analysts. Out of the five individuals who attacked, one decided to return their portion of the stolen funds.
Force announced the incident on Twitter, noting that all of their vaults are safe and unreachable, and that the investigation of the incident is their next step.
ATTENTION
Our team is aware of the xFORCE contract exploit and has identified the nature of the issue.
There are no further funds available on the xFORCE contract to be exploited.
All other vaults are safe.
We will provide a post-mortem and next steps over the coming hours.
— Force (@force_dao) April 4, 2021
What Happened?
According to the information published in a series of tweets by Mudit Gupta, the attackers used a vulnerability of the xFORCE contract to steal xFORCE tokens. Basically, they could use the deposit function in order to mine xFORCE tokens, even if they didn’t have any FORCE tokens to deposit. After making xFORCE tokens for themselves, hackers could withdraw real FORCE tokens from the xFORCE contract, and exchange xFORCE for FORCE.
Once you have the xFORCE tokens, you can withdraw the real FORCE tokens from the xFORCE contract by calling the `withdraw` function and exchanging your xFORCE tokens for FORCE tokens.
The xFORCE contract has already been drained by https://t.co/pCfyPP2NS9
— Mudit Gupta (@Mudit__Gupta) April 4, 2021
Gupta commented on the incident, and particularly on the bug, noting that it is a common flaw in the Solidity world. On top of that, Gupta believes that no security expert reviewed these contracts, meaning that the project had no audits.
This is a well known / common bug in the Solidity world. It's almost certain that no security expert has reviewed these contracts. Force DAO is lucky that the hacker has returned the funds.
Please do not launch your products without audits or at least peer reviews.
— Mudit Gupta (@Mudit__Gupta) April 4, 2021
Attack Impacts the Coin’s Price
Of course, the attack had far-reaching consequences. The project’s native token, FORCE, plunged as soon as the news of the incident started to spread, and is currently down by over 80%. Interestingly, CoinGecko data shows that the coin started seeing a strong price increase in the early Sunday hours before the attack.
Force DAO even went from $1 to $2.21 in a matter of only a few hours. Then, its price crashed to $0.02429019. It tried to recover slightly after the initial drop, reaching $0.51, only to drop again, and try recovering again. The price eventually gave up on any attempts at recovery, reaching $0.06 and trading sideways since then.
As for the attackers, they managed to steal around $376,000. The attackers stole more initially, but one of them returned a portion of the money, so the final amount sits at $376k.
The author
