Force DAO saw a devastating hacking attack this Sunday morning, causing its price to crash.
The attackers breached its xFORCE contract, minting xFORCE tokens for free, then exchanging them for FORCE.
After withdrawing the tokens, one of the attackers — presumably 5 of them — returned a portion of the funds.
Force DAO recently suffered a hacking attack, which resulted in a theft of over $376,000, after the attackers minted xFORCE and then exchanged it for FORCE before running with the money.
DeFi hedge fund known as Force DAO was attacked only 24 hours ago, which forced its price to start heading down at a rapid rate. Early Sunday morning, five attackers hit the website, according to one of the project’s analysts. Out of the five individuals who attacked, one decided to return their portion of the stolen funds.
Force announced the incident on Twitter, noting that all of their vaults are safe and unreachable, and that the investigation of the incident is their next step.
According to the information published in a series of tweets by Mudit Gupta, the attackers used a vulnerability of the xFORCE contract to steal xFORCE tokens. Basically, they could use the deposit function in order to mine xFORCE tokens, even if they didn’t have any FORCE tokens to deposit. After making xFORCE tokens for themselves, hackers could withdraw real FORCE tokens from the xFORCE contract, and exchange xFORCE for FORCE.
Gupta commented on the incident, and particularly on the bug, noting that it is a common flaw in the Solidity world. On top of that, Gupta believes that no security expert reviewed these contracts, meaning that the project had no audits.
Attack Impacts the Coin’s Price
Of course, the attack had far-reaching consequences. The project’s native token, FORCE, plunged as soon as the news of the incident started to spread, and is currently down by over 80%. Interestingly, CoinGecko data shows that the coin started seeing a strong price increase in the early Sunday hours before the attack.
Force DAO even went from $1 to $2.21 in a matter of only a few hours. Then, its price crashed to $0.02429019. It tried to recover slightly after the initial drop, reaching $0.51, only to drop again, and try recovering again. The price eventually gave up on any attempts at recovery, reaching $0.06 and trading sideways since then.
As for the attackers, they managed to steal around $376,000. The attackers stole more initially, but one of them returned a portion of the money, so the final amount sits at $376k.