Haseeb Qureshi, managing partner of Dragonfly Capital, describes how the Lendf.me attack happened, why imBTC was involved in that hack and a $300,000 hack involving Uniswap the day before, and how the ERC-777 token standard was involved. He also recounts what happened after the attack, including messages sent to and from the hacker, how the Chinese and Western DeFi communities had different responses, and how the hacker ended up returning the funds. Plus, he goes into the details of what he knows about why the attacker did so.
Thank you to our sponsor!
Crypto.com: https://crypto.com
Episode links:
Haseeb Qureshi: https://twitter.com/hosseeb
Dragonfly Capital: https://www.dcp.capital
The Block on the exploit: https://www.theblockcrypto.com/linked/62346/multicoin-capital-backed-defi-protocol-dforce-loses-25m-total-locked-value-in-an-exploit
News about dForce bringing imBTC to Lendf.me: https://medium.com/imtoken/dforce-brings-imbtc-to-defi-lending-c739b5cc0643
More about imBTC: https://token.im/blog/en-us/articles/360037559114
Compound CEO Robert Leshner’s comment referring to how dForce stole Compound’s code: https://twitter.com/rleshner/status/1251717261888385025?s=20
More on imBTC attack on Uniswap: https://defirate.com/imbtc-uniswap-hack/
Medium post on whether or not the ERC-777 standard is to blame: https://medium.com/@provablethings/is-a-new-token-standard-really-to-blame-for-the-imbtc-uniswap-and-dforce-attacks-31c62e2bc799
The Block on the new token standard: https://www.theblockcrypto.com/daily/62568/ethereum-token-standard-open-finance-exploits
Larry Cermak tweet about centralized tokens: https://twitter.com/lawmaster/status/1251953291891802112
Su Zhu on the hacker perhaps being exposed via VPN: https://twitter.com/zhusu/status/1252479842261450753?s=20
Links from news recap:
https://unchainedpodcast.com/unbelievable/