There have been reports that wstETH/ETH Curve gauge vaults on Arbitrum and Optimism have been exploited in the last several hours. The dForce Vaults were reportedly put on hold as soon as the issue was discovered as dForce took rapid action. Later, the company reassured customers that other components of the protocol had not been compromised and that their payments were still secure with dForce.
The magnitude of the attack
The danger posed by the attacker to the company was significant and incurred losses to the company. The pricing oracle that the dForce lending protocol uses were susceptible to alteration by the adversary. Following that, the attacker placed bets in order to earn gains at a price that was slanted toward them.Â
The exploiter was able to liquidate a number of positions using the wstETHCRV-gauge as collateral since the price of the dForcenet wstETHCRV-gauge asset was manipulated via reentrancy. This made the hack feasible. This resulted in a loss of around 1.91 million in Arbitrum and approximately 1.73 million in OptimismFND.
What makes crypto firms vulnerable to hacks?
Poor security procedures, unpatched software, phishing attacks, social engineering, and even insider attacks are just some of the many reasons why cryptocurrency businesses may be compromised. Weak passwords, no two-factor authentication, and improper storage of private keys are all examples of bad security habits. Outdated software may introduce security holes that hackers may exploit. Additionally, also people might be duped into giving out confidential information like passwords and private keys through phishing attacks.
The use of social engineering tactics by hackers is another method they might employ to get access to private information. A major danger comes from insiders, such as workers or contractors, who have access to private data. Hacks are hard to solely eliminate as nothing can be built to perfection. However, making the right choice on how to store your crypto assets is very vital.