This free access of Global Coin Research’s news is offered to our loyal readers as a representation of the unique information and insights our members receive weekly.
Subscribe for just $15 a month to get access to all our proprietary information flow.
This article digs into the details of the hack and shares some feedback from the US and the Chinese crypto communities.
After an ongoing series of headlines from theBlock covering the Chinese project dForce this past week, from its investment led by Multicoin Capital, to its $25million hack, the Dforce/Lendf.Me Team announced that they have successfully recovered their stolen assets from the hacker.
While the crypto community may now know how the team recovered their stolen assets at a high level, here were some highlights that stuck out to us.
For one, the speed in which the dForce team reacted to the hack is impressive. From discovering the attack on 4/19 at around 9am to retrieving the funds on 4/21 at around 3pm, the chase merely took about two and a half days. The team detailed a timeline of events in Chinese here, but it’s not yet available in English.
Upon discovering the hack, the dForce team worked together with its investors and the crypto community immediately and acted very quickly. In this case, the teams from dForce, Sparkpool (the CEO of Sparkpool is also co-founder of dForce) and ImToken gathered together to form a task force. From our understanding, the Chinese defi community has been historically very tight-knit and collaborative, but it is nonetheless still very small.
The seriousness in which the dForce team took this incident was obvious, and more importantly, they sought out valuable resources that turned out to be very helpful in chasing down the hacker.
According to the timeline, the dForce team reached out to the Singapore police on 4/19 at 11pm, and immediately the next day the Singaporean officials reached out to the relevant third parties and identified the IP address of the hacker.
While the dForce team claims that they did not get this IP information from the police, any of their collaborators nor from 1inch.exchange that ultimately helped chase down the hacker, the team triangulated information left from the hacker and pressured him into returning the funds on 4/20. By 4/21, Singapore officials have yet to identify the real identity of the hacker and at that point, the hacker has already decided to return the assets, so dForce pulled the charges.
The response from the Singapore police force in a mere one and half days, from communicating with the dForce team to reaching out to the exchange is impressive. As we’ve shared extensively in the past of the welcoming but rigorous business attitude around cryptocurrency and crypto-enabled financial services in Singapore, it’s certainly assuring for companies domiciled there to see this type of protection and regulation sophistication.
One interesting comment from dForce at the end of their statement reiterated that they did not get the information of the hacker from the police nor any third party: “We solemnly declare that the dForce team did not obtain any user sensitive information provided to us by our cooperators.” This seems to have been a statement to protect 1inch and the other exchanges and wallets that helped chase down the hacker.
While this event may soon past us, dForce team is still figuring the appropriate approach to allow customers to redeem funds. One WeChat member joked sarcastically that now, in theory, dForce will be the safest smart contract platform as it’s presumed the team will have 10,000 engineers checking their code.
Reactions From the Chinese Community- “would I still use lendf.me?”
Reactions in the Chinese community around the hack have varied. As the majority of the Defi community shared strong camaraderie since the getgo (often from their early Ethereum days), they were very supportive. The Chinese defi community, upon discovering the hacking news, initially lamented the loss but was overall very encouraging.
Since retrieving the assets, the community has been celebrating and have generally been very positive about the retrieval. While some Chinese community members have applauded the efforts of the Singapore police, others pondered on the current state of the defi ecosystem:
“Regardless of whether the intention was malevolent, it is best to have fewer thefts like these in defi, for the sake of the ecosystem.”
“The main reason that they [dForce] were able to retrieve the tokens is they were able to trace on Ethereum, and the hacker wasn’t using privacy coins. Defi is not a place outside of law.”
“Today’s DeFi has already reached the stage between semi-centralized governance + decentralized agreement. Many DeFi fundamentalists take decentralized ideology to the extreme, while they lack thinking at the application level.”
One community member who claimed he put all of his stablecoins on Lendf,Me shared his extensive thoughts online, concluding with some things that many users of the platform may be thinking about right now:
“After the team retrieved the hacked assets yesterday, a friend asked me, would I still use lendf.me?
I said, it depends on how Lendf will resume and correct itself afterward. I will still use it with a high probability, but will redistribute my positions.
This crisis has made me see a more clear reality. Defi is still at an extremely early stage. The risks are comparable to those of the aerospace of the last century. In the next few years, it is hard to say whether the risks are going to decrease or increase.
Hypothetically, if you set limits for yourself and only conduct simple businesses, perhaps the risks can be gradually controlled. But defi is not set by artificial limitations, it will inevitably become more complicated, just like our human society and space exploration. We are destined to go far unless humanity perishes.
whatever doesn’t kill defi
simply makes it stronger“
Reactions From the Western Community
In the meanwhile, the hacking incident has elevated dForce’s profile in the west, but with mixed feedback.
In the western community, the new of the hack initially erupted into jest following the freshly announced fundraise news led by Multicoin. Now that the assets have been retrieved, western folks are fascinated with the incident and the dForce team is getting a lot of attention from media and KOLs alike.
Users in the dForce English Telegram channel feedback have shared mixed comments as well:
“You’re a very lucky group. Had he (hacker) obfuscated his IP, he likely would have never returned the funds.”
Others weren’t so nice when they first discovered the hack: “This is the kind of hand waving in defi that absolutely disgusts me Mindao. You should quit and leave defi for good. Waste of time questioning you?”
While the profile of dForce has risen in the West, we aren’t sure if its a positive one. In the last year, the company has become one of the most recognizable defi projects in China and the founder Mindao was invited to speak at one of Global Coin Research’s workshops mid-last year. But the scale of the hack, along with previous headlines about the company’s code, will certainly bring negative associations with Chinese defi in the short term.
Moreover, in the last year, Chinese projects and exchanges have not garnered the best optics from the public eye. In amidst of a series of poor headlines around a number of Chinese projects and exchanges that have run out of money, froze their trading, or possibly have run away with users’ money, those who get kicked again and again are the retail users, both in the East and West.
While we are not sure that the business of the company, or defi in Asia in general, will recover in the near term, it certainly seems like the team is trying to do the right thing and that the Chinese defi community will improve from here. As we are still in the very early innings, we expect the teams and projects to only get better and learn from these mistakes and hope that the teams from the West and East learn from each other going forward.