Hackers targeted two cryptocurrency platforms, Uniswap crypto exchange and Lendf.me lending platform. As reported, the hackers managed to steal cryptocurrency worth $25 million from both platforms.
Reportedly, hackers have recently targeted two cryptocurrency platforms, Uniswap and Lendf.me, to steal crypto assets worth $25 million. Uniswap is a cryptocurrency exchange, whereas, Lendf.me is a cryptocurrency lending platform.
Briefly, the attackers exploited a reentrancy vulnerability to target both services. Both Uniswap and Lendf.me had a few things in common, which might have triggered similar attacks. These include the involvement of Lendf.me protocol (powered by dForce decentralized finance (DeFi) protocol), imBTC token (powered by imToken), and ERC-777 – an underlying technology of Ethereum blockchain facilitating smart contracts. The same technology empowers imBTC and DeFi protocol to run as smart contracts.
According to an analysis shared by PeckShield, a blockchain security firm, the attackers exploited a reentrancy vulnerability due to the incompatibility of ERC-777 with both smart contracts.
Whereas, imToken has also elaborated on the same reason for the attack.
Regarding how the attackers could conduct this attack, imToken hinted towards a 2019 exploit available on GitHub.