Recent Lendf.me Hack Has DeFi Users Wary

in #defi5 years ago

Yesterday I mentioned a DeFi project that had recently been hacked and then almost immediately had all of its funds restored by the hacker. That was in my post about EOS. The whole process took a little more than a day, but the amount was an enormous $25 million worth of crypto. Now the etherscan address is just a repository for private notes to the hacker. Check it out.

Speculation about why the hacker suddenly returned so much money has run rampant. Was it just a young developer trying out something s/he had read about? Was it an inside job? Was it all just a big publicity stunt to get the name Lendf.me and dForce into the mouths of the blockchain investment community? And if that's true, would anyone still be willing to put in funds to a platform that has given up such a high-profile hack? What kind of investor does that? 🤨 These are the questions that I need answered!

If you sign up for etherscan, you can observe an interesting exchange of on-chain messages. Decentralized exchange aggregator 1inch.exchange always seems to be at the center of these DeFi rows. For now, I'm giving them the benefit of the doubt because their platform is awesome! I use it and have never had a bad experience. The logo kinda looks like the Uniswap unicorn on steroids, which kind of gives you an idea of what the platform does. Think of it as kind of like kayak for DeFi - all the best deals bundled up on one site. You can even execute from their dashboard!

So 1inch traced the IP of the hacker back to a single Chinese IP address and reported it to the Singapore police. The thief was so careless that s/he didn't even use the privacy function of their browser!

Those of us in the DeFi space who want to see this fledgling industry prosper, however, must be wary of hacks like this. Even though this story has a happy ending, the reputational damage to the entire industry, not just Lendf.me and the associated dForce Network themselves, will take months to repair. For all of our projects to prosper, this pattern has got to be stopped. At the moment, this is how DeFi'ers feel:

Imagine how the user community feels!