Decentralized finance startup dForce to return funds to users after $24.9M attack

Quick Take

  • dForce has has outlined an “asset redistribution plan” after an attacker returned all $24.9 million in compromised assets
  • The move comes after the attack took place on April 19

dForce – the decentralized finance (DeFi) startup that recently lost nearly $25 million in an attack – said Monday that it is moving to compensate all users for their stolen assets after the funds were returned, according to a company announcement.

On April 19, an outside party attacked lendf.me, dForce's lending protocol, siphoning away all $24.9 million of the contract's total locked value. Four days later, in a surprising twist, the attacker returned all assets back to the project. 

On Monday, the company said in a tweet that "[o]ver 90% of assets have been distributed to users in less than 24 hours. 100% users have been made whole in the recovery. We will disclose more future actions shortly."

"Given that hacker was only able to exchange a few assets before returning the funds, we have elected to rebalance most of the portfolio back to the last state prior to the contract being attacked and the pausing of the contract," explained a company blog post. "The funds are secure, and we're eager to return them."

The blog post also outlined procedures for asset withdrawal and loan repayment.

Users with outstanding balances on their accounts can request fund withdrawals, which will be processed on a case-to-case basis. For those who do not make a request, their assets will be returned automatically within a week. 

If users have taken out loans from the protocol, they need to repay them in a week in order to get their collateral back. If they fail to do so, dForce will sell their collateral to cover the outstanding loans while the remaining assets will be returned to users' addresses in the form of stablecoins.

Notably, there have been several phishing attempts targeting dForce users, the blog post claimed. The company reminded users to only make transactions through the company's official website. 

"While we are very much eager to inform the community of the action items we will be taking to ensure asset security and system robustness going forward, we do believe that returning the stolen funds to the users is the absolute priority at this moment," said the blog post.


© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Related Reading

Get Your Crypto
Daily Brief

Delivered daily, straight to your inbox.

More