Over $25 million in cryptocurrencies has been stolen from two platforms.
The first, the Uniswap exchange, has been in beta for some time. The second, the Lendf.me website, is used for lending funds to others. Both were under attack this weekend, and it is believed these attacks are related, according to a report from ZDNet.
Interestingly, the entity was able to commit this attack by utilizing bugs from other blockchains, creating what they call a “reentrancy attack.” This means those hackers were able to keep pulling out funds before the initial transaction went through. Essentially, they opened up the path for a transaction, and pulled out a ton of money before the network confirmed or denied that path.
On top of this, the publication notes that both platforms were taking advantage of the Lendf.me protocol, imBTC, and ERC-777. The first, Lendf.me, was described above. The second is an asset that runs 1:1 with Bitcoin’s price, though it works on an Ethereum smart contract platform. Finally, the third is a technology that supports smart contracts on Ethereum.
A blog post on the matter details that imBTC holders who did not deposit onto the Lendf.Me platform will not be affected:
“At present, the imBTC holders who did not deposit imBTC to the Lendf.Me platform are not affected. imBTC transfers will be resumed after Tokenlon and partners are confident that it is secure to do so.”