Change of Heart? Dramatic Twist in Lendf Incident as Attacker Returns All Stolen Funds
Recently, there has been a significant development in the attack on the Ethereum DeFi platform Lendf.Me. The attacker returned tokens worth $2.79 million yesterday and today refunded the remaining nearly $22 million. It is speculated that the attacker may have realized their IP address was exposed, feared legal repercussions, and ultimately decided to return the stolen funds.
Almost All Stolen Funds Returned
Lendf.Me, the DeFi platform under the dForce protocol, suffered a reentrancy (re-entry) attack that resulted in a loss of $24 million. Unexpectedly, the attacker returned a large amount of the stolen funds to the team over the past two days, for reasons unknown. Almost all the stolen funds have now been returned to the team.

According to an analysis of today's Etherscan data by Larry Cermak, Research Director at The Block, the attacker returned the equivalent of $2.79 million in tokens to dForce yesterday, and today returned the remaining nearly $22 million in full. Essentially, all tokens have been returned, with the $2 million difference primarily due to the market downturn in recent days. Below is the quantity of tokens returned by the attacker and their estimated value in USD:
Inexperienced Hacker?
The attacker may have returned the stolen funds after discovering that they had inadvertently leaked their IP address and other important data during the process. Shortly after the successful attack, the attacker sent three transactions of PAX tokens worth $250,000 to 1inch.exchange, ParaSwap, and an address labeled as Lendf.me admin, seemingly trying to convey a message, as "pax" coincidentally means "peace" in Latin.
1) The second attack using imBTC is more interesting. At the very beginning, attacker drained imBTC from other users on https://t.co/pJgDLnFcmq. Further, he repeated iterations to increase the ability to borrow other assets.
The attacker in each iteration (tx) did the following:
— Igor Igamberdiev (@FrankResearcher) April 19, 2020
When interviewed, CEO Sergej Kunz of 1inch.exchange stated that the attacker inadvertently disclosed important data about themselves by directly using a web-based content delivery network instead of utilizing decentralized networks like IPFS. Specifically, all three transaction requests initiated by the attacker originated from the same Chinese IP address, indicating that the attacker did not use decentralized networks like Tor. With the unintentional disclosure of many fragmented data pieces by the attacker, Sergej Kunz remarked:
“He is a skilled engineer but inexperienced as a hacker.”
According to Sergej Kunz, his team has shared the attacker's IP address with the Singapore police to assist in the investigation, and the attacker may have returned all funds to avoid escalation of the situation.
Related Reading
- 【SlowMist Analysis】Detailed Analysis and Defense Recommendations for DeFi Platform Lendf.Me Hack
- Yin Cao: The Lendf Incident Resembles Apollo 13, Paying Tribute to DeFi Explorers