ForceDAO Exploited for $367K after Launch Due to "Engineering Oversight"

ForceDAO, a newly-launched DeFi aggregator, seems to have gotten off on the wrong foot. Hours after it launched, several malicious hackers managed to exploit 183 ETH, worth roughly $367,000, from the platform. A 'white hat' hacker alerted the team and helped to prevent further losses from being incurred.

In a post-mortem report of the attack, ForceDAO has explained that the hackers were able to abscond with the funds due to an 'engineering oversight'. According to CoinTelegraph, the ForceDAO team made the decision to transfer 60 million FORCE tokens from the platform’s treasury wallet into a 'deployer' wallet. This will begin the process of burning the balance of FORCE tokens that have been moved to the hacker’s wallet addresses.

POST-MORTEM

To the Force and DeFi community, we'd like to share a post-mortem on the recent xFORCE exploit.

Thanks to everyone technical and non-technical who helped along the way.

Especially to the White Hat who helped deter FORCE getting drained.https://t.co/MK2GH69yLd

— Force (@force_dao) April 4, 2021

In addition, the platform clarified in the post-mortem that: “all funds on our platform are safe, only xFORCE was affected.”

What Happened?

According to the post-morterm, the hackers exploited a Fork Fork A fork can occur when a blockchain diverges into two potential paths forward, there is a change in protocol, or a scenario occurs in which two or more blocks have the same block height.Because blockchain networks are decentralized, the participants on the network must come to an agreement when it comes to things like software upgrades to a network. This is called consensus.When consensus cannot be achieved on a software upgrade, a fork occurs, effectively representing a divergence in software th A fork can occur when a blockchain diverges into two potential paths forward, there is a change in protocol, or a scenario occurs in which two or more blocks have the same block height.Because blockchain networks are decentralized, the participants on the network must come to an agreement when it comes to things like software upgrades to a network. This is called consensus.When consensus cannot be achieved on a software upgrade, a fork occurs, effectively representing a divergence in software th Read this Term of a SushiSwap Smart Contract Smart Contract A smart contract is a piece of software that automatically executes a pre-determined set of actions when a certain set of criteria or met. One of the key tenets of smart contracts is their ability to perform credible transactions without third parties and are self-executing, with their conditions written into the lines of code that form themAdditionally, these transactions are both trackable and irreversible. For example, a smart contract could be used to give royalty payouts to a musical artist A smart contract is a piece of software that automatically executes a pre-determined set of actions when a certain set of criteria or met. One of the key tenets of smart contracts is their ability to perform credible transactions without third parties and are self-executing, with their conditions written into the lines of code that form themAdditionally, these transactions are both trackable and irreversible. For example, a smart contract could be used to give royalty payouts to a musical artist Read this Term. The smart contract contained a mechanism that could revert tokens that were used in failed transactions. Hackers exploited a flaw in this contract that essentially allowed them to mint xFORCE tokens, which were then withdrawn and exchanged for ETH.

The ForceDAO team has acknowledged that the exploitation was preventable: “This could’ve been prevented by using a standard Open Zeppelin ERC-20 or adding a safeTransferFrom wrapper in the xSUSHI contract,” the team said.

Moreover, the team noted that some of the addresses that allegedly belong to hackers originate from two popular cryptocurrency exchanges: FTX and Binance. The ForceDAO team wrote that: “we’re currently engaged with 2 separate security firms to review and analyze our repos to ensure all contract systems perform as designed.”

As a result of the drama surrounding the launch, FORCE token prices have dropped significantly. CoinTelegraph reported that: “following the launch and airdrop, FORCE token prices surged to over $2 on Apr. 4, but have since crashed over 95% to $0.05” as of 8am GMT on April 5th. At press time, the price of FORCE was roughly $0.07.