DeFi project DFX Finance hacked for $7.5 million

The Ethereum-based, stablecoin-focused decentralized exchange DFX Finance lost assets worth about $7.5 million in an attack.

It seems @DFXFinance‘s DEX pool (named Curve) is hacked (w/ loss of 3000 ETH or $~4M) due to the lack of proper reentrancy protection. Here comes an example tx: https://t.co/tB6Q0SIBSA. The stolen funds are being deposited into @TornadoCash pic.twitter.com/6ft7HYpwpq

— PeckShield Inc. (@peckshield) November 10, 2022

Experts at PeckShield noted that the hack was possible due to the ‘absence of proper reentrancy protection’.

The DeFi protocol team confirmed the incident:

«We were notified about suspicious activity within 20–30 minutes after the first transaction, and we paused all DFX smart contracts within minutes of confirming the attack,» the developers said.

1) Today we were notified about suspicious activity happening in the #DFX contracts. The attack started at Nov-10-2022 07:21:59 PM +UTC originating from wallet 0x14c19962e4a899f29b3dd9ff52ebfb5e4cb9a067.

— DFX Finance (@DFXFinance) November 11, 2022

According to BlockSec researchers, the attacker exploited flash loans to drain liquidity pools, The Block reports. He converted the stolen tokens into ETH and withdrew about $4.3 million in cryptocurrency.

PeckShield gave the same assessment, noting that the hacker was sending funds to the Tornado Cash mixer.

The remaining tokens worth $3.2 million were intercepted by MEV-bot in what is known as a “sandwich attack” — a front-running transaction.

The protocol team urged the bot operator to contact them via social-media channels to discuss asset recovery.

6) We urge the #MEV bot owner to get in contact with us here on Twitter or at our Telegram and Discord.

Polygon pools were not affected as we were able to pause the contracts before the attacker made his way to the polygon side.

— DFX Finance (@DFXFinance) November 11, 2022

In the wake of the incident, the DFX token price plunged from around $0.30 to around $0.18. After the correction, the coin trades near $0.18, according to DEX Screener. This is more than 99% below its May 2021 high ( CoinGecko ). The market capitalization of DFX is around $4.18 million.

The volume of assets locked in the protocol’s smart contracts collapsed from $18.6 million to $3.6 million, according to DeFi Llama.

As PeckShield noted, by the end of October losses in the Web3-industry from exploits since the start of the year had approached $3 billion, PeckShield reported.

Read ForkLog’s Bitcoin news on our Telegram — crypto news, prices and analytics.