The hackers who stole $25 million from DeFi lending platform dForce have begun to return some of the funds after realizing they were unable to sell them. Some of the haul stolen from dForce’s lending partner Lendf.me was in a format that already had restricted use, but once the hackers’ addresses were blacklisted by exchanges they had no way of capitalizing on their theft, leading to something of a first in the cryptocurrency space – they sent some back.
Address Blacklisting Shafts Hackers
The dForce hack made headlines over the weekend and beyond, one of two hacks by the same gang utilizing an exploit in the Uniswap liquidity provider to drain the pools of their contents.
The hackers stole a mix of stablecoins and wrapped ETH/BTC, some of which was in formats that would only work on specific platforms – for example Huobi BTC (HBTC) and Huobi USD (HUSD). With exchanges and token issuers taking swift action in blacklisting the addresses the stolen funds were sent to, the hackers were left with no choice but to leave the funds to stand idle or return them.
Negotiation Via Etherscan
In a novel use of the ‘input data’ field on Etherscan, dForce and the hackers began negotiating the return of the funds, a trend that soon caught on and saw others sending $0 transactions to the same addresses pleading for the money to be returned:
WOW. The hacker sent PAX to the address that sent the message to the hacker. @dForcenet check this https://t.co/BTHL4wy1jK pic.twitter.com/EFjQBVAMOg
— Frank Topbottom (@FrankResearcher) April 19, 2020
People are now sending $0 transactions to the attacker with memos pleading with him to return the funds.
dForce also dropped a contact email. pic.twitter.com/OTU4MfXSwi
— Haseeb Qureshi (@hosseeb) April 19, 2020
dForce CEO Mindao Yang took to Medium to confirm that negotiations were going on with the hackers to return the funds that they could not possibly use, with some $3 million worth already returned. Yang has since posted a further update that could see the already novel tale take another twist:
We have been working non-stop over the past 24 hours. I will detail all of the actions we have taken in a future post. However, at this time, the situation is still evolving quickly and I need to focus on pressing matters that could change the outcome of this ordeal.
Centrally Issued Tokens Prove More Practical Than Ideological
The use of centrally issued tokens like HBTC and HUSD on a decentralized platform has not always gone down well with purists, but the fact is that these are the only token types that have any chance of being sent back to dForce.
There are greater ideological ‘risks’ applied to centralized tokens of course, but there is a far greater practical risk of using completely decentralized tokens on platforms that are in early stages of development and clearly have severe security flaws.