dForce, the popular DeFi protocol, recently announced the return of its 3.65 million dollars lost to an exploit. All the exploited funds have been returned to the Arbitrum and Optimism vaults.
Peckshield, the on-chain security firm, confirmed that dForce had a security breach on February 13. dForce instantly restricted its vaults to secure the remaining funds. The move worked well, as the firm saved the rest of the funds from the breach.
In a quick turn of events, the DeFi protocol managed to get all the exploited funds back within three days. In addition, dForce has announced that it will compensate every affected user, making it a perfect ending for everyone.
According to the latest string of tweets by dForve, the protocol found the exploiter, who identified himself as a whitehat. Negotiations were conducted with the breacher, and the protocol offered a bounty. Moreover, the dForce agreed to drop the investigations and legal actions against the attacker.
While the attack directly involved the Optimism and Arbitrum layers, the losses also affected three assets. Luckily, the protocol remained functional and safe, especially in dForce Lending. Peckshield did not release any more information but has assured to share an in-depth report later.
BlockSec, the blockchain security system, even flagged the attack, linking it to a read-only reentrancy in the pool. dForce acknowledged Peckshield and BlockSec for the support. In addition, the protocol thanked the security firm, SlowMist, for their part in the investigation.
In the most recent few years, dForce acknowledged spending less than $3 million on security assessments and bounty programs. The protocol is planning to extend its bounty scheme, which promotes ethical violations. Because the protocol places a high priority on the bounty program, dForce views security as a never-ending activity.