Force DAO Protocol Hacked, Token Plunges 95%

Force DAO, a DeFi hedge fund, suffered an attack by a hacker that found a bug in the xFORCE contract, draining 14.8 millions worth of FORCE token (around 34 million on this Sunday morning).

The attack happened after the protocol organised an airdrop yesterday, distributing FORCE tokens to its users. The token plunged at least 95% after the protocol confirmed the attack, going from $2.30 to $0.26.

The protocol confirmed the attack via Twitter and published a post-mortem analysis a few hours later. Accordingly, Force DAO is currently working with two different security firms to review and analyse the contracts.

Other Attackers Took Advantage

The first hacker found a bug in the xFORCE contract’s code that returned a false value when the amount transferred exceeded the account’s balance instead of reverting it.

According to technical advisor Mudit Gupta, this allowed anyone to call the “Deposit” function without holding FORCE tokens. The attacker minted xFORCE tokens from the contract without locking them in the vault.

According to Force DAO, the hacker returned the funds to the pools after founding the contract’s code’s vulnerability. Other attackers took advantage of it and drained millions of dollars, exchanging the funds on Uniswap and Sushiswap.

Other attackers soon followed, draining the pool’s liquidity and taking over $20 million FORCE tokens in just a few hours.

Force DAO is the latest DeFi protocol subject to millions of funds lost. A few days ago, TurtleDex, a Binance Smart Chain-based protocol rug pulled its investors, draining $2.5 million out of the liquidity pools.