After it recovered the funds from a $25 million hack, DForce announced that it had refunded all its affected users. The decentralized finance protocol platform said that all affected users were reimbursed. According to an April 27 tweet:
“Over 90% of assets have been distributed to users in less than 24 hours.100% users have been made whole in the recovery.”
On April 19, a hacker managed to break into dForce and drain around 99.5% of the locked funds within three hours. Based on earlier reports, the hacker used a widely known vulnerability in the ERC-777 token standard known as a re-entrancy attack by targeting the stablecoin imBTC.
On April 21, just three days after the hack, the hacker returned almost all of the funds to dForce after they accidentally revealed their identity during a fund transfer. This disbursement of funds comes after the release of an “asset redistribution plan” that was announced earlier this week.
Refunding Amid Heavy Criticism
Although the platform managed to recover all the stolen funds; dForce continues to face increasing criticism from the blockchain and crypto communities. It is heavily criticized since it is widely considered to be a ‘copy’ of another similar DeFi platform, Compound. The CEO of multi-platform DeFi project, Kava Labs, Brian Kerr, while commenting on the dForce hack said:
“The dForce team copied code they did not understand from Compound, illegally deployed it as their own; while changing a few parts without realizing the security issues; and then they heavily marketed it to the world without first running very basic audits. The fault is both on the dForce team and the users. dForce didn’t understand what they were doing and marketed an unsafe product.”
Everyone is now on a wait-and-see mode waiting for dForce to make the next move.