DFX Finance Hacked for $4M – Attacker Moves Funds Through Tornado Cash A hacker has stolen about 3,000 ETH worth around $4M from DFX Finance’s Polygon liquidity pools. A MEV bot extracted a large sum of stolen funds. The decentralized exchange will close its liquidity pools on Polygon. DFX’s value plummeted 34% following the news.
Stablecoin-focused decentralized exchange DFX Finance (DFX) suffered an attack on Friday, November 11, resulting in the loss of $4 million in stolen funds.
PeckShield, a blockchain security firm, tweeted early Friday morning that a hacker managed to siphon about 3,000 ETH, worth around $4 million at the time of writing, due to a “lack of proper re-entry protection.”
DFX Finance confirmed the hack, stating that it was notified of suspicious activity within 20 to 30 minutes of the initial transaction and “put a pause on all DFX contracts within minutes of confirmation of the attack.”
The price of the exchange’s native token, DFX, plummeted when the news broke. The token is currently trading at $0.17 at the time of writing, down 34% in the past 24 hours and down 99% from its all-time high of $24.87, according to data from CoinGecko.
DFX Finance claims that the hacker routed the illicit funds through Tornado Cash, an Ethereum-based mixer sanctioned by the US government earlier this year. The exchange also revealed that a MEV bot was able to intercept and extract a large sum of the stolen funds and has asked the bot’s owner to get in touch with them.
The exchange further noted that Polygon contracts have proven to be particularly vulnerable to such attacks and announced its intention to shut down the associated pools. DFX will reportedly enable a temporary withdrawal-only mode while prompting Polygon LP holders to withdraw their funds.
DFX Finance mainly focuses on trading stablecoins. The platform offers liquidity mining and other features with non-US stablecoins such as Canadian dollar-pegged CADC, euro-pegged EURS, and Singapore dollar-pegged XSGD.
The decentralized exchange has strong support, including investments from industry giants like Polychain Capital, Hex Capital, and CMS Holdings.
2022 has proven to be a rough year for the project, which played a role in the Coinbase (NASDAQ:) insider trading controversy before subsequently being classified as a security by the US Securities and Exchange Commission (SEC).
The attack on DFX Finance is just one of many that have taken place in recent months. In October, Mango Markets, a Solana-based decentralized exchange, had $114 million stolen from its reserves, while TempleDAO, a yield farming-based DeFi protocol, lost $2.4 million and Binance had $100 million drained. Bitkeep, a multichain crypto wallet, also lost $1 million to hackers in what has since been the worst month of exploits in crypto history.
Chainalysis, a blockchain research platform, estimates that hackers stole more than $718 million in the first two weeks of October alone.
On the flip side
While unlikely, it is possible that the hacker will return at least some of the stolen funds. The owner of the MEV bot can still return some of the intercepted funds.
Why you should care
Attacks on decentralized exchanges have shown no signs of stopping this year. As always, users should exercise their due diligence to determine which platforms and exchanges are trustworthy enough and offer high enough security standards to hold their funds.
You May Also Like:
Deribit hackers are moving stolen ETH to a blacklisted mixing service, Tornado Cash
See original on DailyCoin