Highlights:

  • It is believed that hackers stole funds from Uniswap and Lendf.me using an exploit shared on GitHub
  • The heist is worth USD 25 million (cryptocurrency)
  • The attack appears to be a chained one, in which the hackers combined bugs to create a reentrancy attack for the repeated withdrawal of funds

Cryptocurrency worth more than USD 25 million has been stolen by threat actors by exploiting the Uniswap exchange and Lendf.me lending platform.

The attack details

The cyberattack took place over the weekend. Investigation of the heist is ongoing, and the two attacks are believed to be related: most likely they were carried out by the same group of people, using the exploit shared on GitHub.

As per investigators, the hackers carried out the attack by chaining bugs and legitimate features from various blockchain technologies to organize a sophisticated “reentrancy attack.”

A reentrancy attack is a technique that lets threat actors drain funds repeatedly: the withdrawal is re-entered in a loop before the original transaction has been approved or declined.

Why did both platforms fall prey to the attack? Did they have anything in common?

Let’s take a look at the similarities between the Uniswap exchange and Lendf.me lending platforms:

  • Lendf.me: A Decentralized Finance (DeFi) lending protocol built by dForce Foundation to support lending operations on the Ethereum platform.
  • imBTC: A token (coin) that functions on the Ethereum platform and is priced at a 1:1 rate with Bitcoin.
  • ERC-777: A token standard of the Ethereum blockchain for smart contracts (Lendf.me and imBTC run as smart contracts on the Ethereum platform).

Tokenlon, the company behind imBTC, stated, “The ERC-777 token standard has – to our knowledge – no security vulnerabilities.”

In its reports on the attacks, the company stated that it was the combination of ERC-777 tokens with the two platforms that enabled the reentrancy.
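As an added illustration (not code from the article, Tokenlon, dForce or OpenZeppelin), the simplified Python model below shows how a token hook such as the ERC-777 tokensReceived callback turns a withdrawal that pays out before updating its records into the looping drain described above, and how the hardened ordering (state update first, plus a reentrancy guard) stops it. All contracts, names and balances are constructed; the real platforms' contracts are not reproduced.

```python
class HookToken:  # minimal ERC-777-style token: send() notifies the recipient via a hook
    def __init__(self, balances):
        self.balances = dict(balances)
    def send(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount: raise ValueError("token balance too low")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        if hasattr(recipient, "tokens_received"):  # recipient code runs before send() returns
            recipient.tokens_received(sender, amount)

class VulnerablePool:  # lending-pool model that pays out before updating the depositor's record
    def __init__(self, token):
        self.token, self.deposits, self.locked = token, {}, False
    def supply(self, user, amount):
        self.token.send(user, self, amount)
        self.deposits[user] = self.deposits.get(user, 0) + amount
    def withdraw(self, user, amount):
        if self.deposits.get(user, 0) < amount: raise ValueError("insufficient deposit")
        self.token.send(self, user, amount)  # hook fires while the record is still stale
        self.deposits[user] -= amount

class HardenedPool(VulnerablePool):  # checks-effects-interactions order plus a reentrancy guard
    def withdraw(self, user, amount):
        if self.locked: raise RuntimeError("reentrant call rejected")
        if self.deposits.get(user, 0) < amount: raise ValueError("insufficient deposit")
        self.locked = True
        self.deposits[user] -= amount  # effect recorded before the external transfer
        self.token.send(self, user, amount)
        self.locked = False

class ReentrantDepositor:  # depositor contract whose hook calls withdraw() again mid-withdrawal
    def tokens_received(self, pool, amount):
        if pool.token.balances.get(pool, 0) >= amount:
            try:
                pool.withdraw(self, amount)
            except (RuntimeError, ValueError):
                pass  # the hardened pool ends the loop here

def run_scenario(pool_cls):
    """Constructed balances: alice supplies 90, the depositor supplies 10 and then withdraws 10.
    Returns (depositor tokens, pool tokens, depositor's recorded deposit)."""
    depositor = ReentrantDepositor()
    token = HookToken({"alice": 90, depositor: 10})
    pool = pool_cls(token)
    pool.supply("alice", 90)
    pool.supply(depositor, 10)
    pool.withdraw(depositor, 10)
    return token.balances[depositor], token.balances[pool], pool.deposits[depositor]
```

Against the vulnerable pool a single 10-token withdrawal drains all 100 tokens and leaves the depositor's record at -90; against the hardened pool the same call pays out exactly 10 and the re-entered call is rejected.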

It is also believed that the cybercriminals have made use of an exploit published on GitHub in July by OpenZeppelin, a company that works on security audits for cryptocurrency platforms.

Experts say that the hackers used the reentrancy attack to drain funds from the two platforms into their wallet, and immediately transferred them on to other accounts.

To contain the attack and prevent further damage, both sites have been taken down. Tokenlon has also suspended the imBTC token to prevent the hackers from performing new attacks.