On the same day of its launch, the DeFi Force DAO protocol was the victim of a hack in which it lost nearly $360.000 of its users' deposited funds. A group of hackers found a security vulnerability in the protocol that they exploited to extract the funds.
The protocol DeFi Force DAO was the victim of a security exploit on the same day it was launched, just after it had gone live. The hack occurred when a group of cybercriminals took advantage of a security vulnerability present in the protocol's xFORCE smart contract to extract the funds, and take a total of 183 ETH, equivalent to about $367.000, that the project's users had deposited.
The protocol developers have just published the first report forensics to explain what happened in Force DAO, and claimed to be working to fix the security vulnerability to mitigate a similar situation from occurring again in the future. In its report, Force DAO explains that the rest of the funds deposited in the protocol are safe, and only the xFORCE contract was affected by the hack.
“Attention: The airdrop has been stopped due to the exploitation of the xFORCE contract.”
As expected, the hack caused the price of the protocol's native token, called FORCE, to collapse in the markets, falling by more than 93% of its value at press time. FORCE had reached a value above the $2,30.
It may interest you: DODO joins the long list of victims in DeFi but recovers 50% of the funds
Liquidity providers affected
Force DAO is a decentralized protocol that works as a yield aggregator, based on the Ethereum blockchain, whose xFORCE contract is a fork of the xSUSHI contract.
The hack that the contract suffered affected the liquidity providers (LP) of the xForce contract that maintained liquidity deposited in the FORCE-ETH pair, in the UniSwap and SushiSwap protocols. The developers of the protocol announced that they will soon compensate those affected by this attack.
Force DAO is preparing for a new launch, which will be accompanied by a new token, as they continue to investigate the security flaw to mitigate future risks. Although the security incident occurred within hours of its launch, and is a serious security flaw exploited at an early stage for Force DAO, the developers say they have faith that they will be able to continue with the protocol and be successful within the industry.
The recent hack joins at least a dozen exploits suffered in DeFi so far this year, which already total more than $100 million in losses.
One of the hackers returns the funds
On Twitter, the head of the Polymath blockchain team, Mudit Gupta, claims that one of the hackers who participated in the attack returned the stolen funds.
The Force DAO developers also decided to transfer 60 million FORCE tokens from the treasury multi-signature wallet to a deployer wallet, to execute three votes and burn the funds in three hackers' addresses, which are kept in FORCE.
In total, the Force DAO forensic report explains that there were 5 hackers who participated in the protocol exploit. Excluding the hacker who returned the funds, the other 4 kept the stolen $367.000.
Continue reading: Another DeFi exploit takes $15 million haul from Furucombo protocol
