ForceDAO Falls Victim to Hack, $367K Stolen in ETH
ForceDAO, a newly launched decentralized finance (DeFi) project, suffered a major blow shortly after its debut. Hackers exploited vulnerabilities in the protocol on April 4, stealing 183 ETH (worth approximately $367,000). The attack took place shortly after the Ethereum-based yield aggregator initiated its highly anticipated airdrop campaign.
What is ForceDAO?
ForceDAO describes itself as a decentralized autonomous organization (DAO) for quant finance, designed to provide superior yield generation through community-proposed strategies. It incentivizes strategists with significant rewards while optimizing returns from DeFi protocols.
The platform issued its FORCE token as part of its airdrop campaign on April 3, aiming to attract users and build momentum around its DeFi yield aggregator.
The Hack Explained
The attack was executed by four “black-hat” hackers exploiting a known vulnerability in Solidity, Ethereum’s smart contract coding language.
Mudit Gupta, blockchain lead at Polymath Network, explained on Twitter that the hackers manipulated how xFORCE tokens were managed. The vulnerability allowed attackers to exploit the token’s return mechanism, granting them unauthorized access to FORCE tokens.
Key details of the attack:
- Hackers drained 183 ETH worth approximately $367,000.
- A “white-hat” hacker alerted the ForceDAO team, helping to limit further losses.
- The root cause was identified as an engineering oversight in a forked SushiSwap smart contract.
ForceDAO’s Response to the Hack
The ForceDAO team acted swiftly to minimize the damage. They moved 60 million FORCE tokens from the treasury’s multi-signature wallet into a deployer wallet. This allowed them to initiate votes to burn FORCE balances from three of the hacker’s addresses.
ForceDAO’s Post-Mortem
ForceDAO released a detailed post-mortem acknowledging the engineering oversight that enabled the attack. The team outlined their next steps:
- Conducting an investigation into the source of the malicious addresses, some of which originated from exchanges like FTX and Binance.
- Relaunching the xFORCE token and compensating users through a snapshot mechanism.
Market Reaction
The hack led to a dramatic decline in the value of FORCE tokens:
- After launching and reaching a high of $2 per token on April 4, FORCE dropped by over 95%, trading at $0.05 at the time of this report.
Lessons and Implications
ForceDAO’s hack serves as a stark reminder of the vulnerabilities in DeFi protocols. While the platform’s ambitious vision and airdrop campaign attracted attention, the exploit underscores the need for:
- Rigorous Smart Contract Audits: Ensuring all contract code is free from known vulnerabilities before launch.
- Rapid Incident Response: The quick intervention by ForceDAO mitigated further losses and prevented a complete collapse of trust.
- Community Trust-Building: The ForceDAO team’s transparency in addressing the issue will play a key role in its recovery.
ForceDAO has vowed to relaunch with stronger safeguards, but the hack highlights the risks inherent in DeFi projects, even those with promising goals.
Follow BitcoinWorld for the latest updates on ForceDAO and DeFi developments.
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.