From infosecurity-magazine.com
Hackers have made off with at least $25m from two cryptocurrency firms after apparently targeting them with “reentrancy attacks” over the weekend.
The raids affected decentralized lending platform Lendf.Me, which is supported by a decentralized finance (DeFi) network known as dForce, and crypto exchange Uniswap.
According to Tokenlon, the organization behind digital currency imBTC, the attackers first struck on Saturday exploiting a vulnerability at Uniswap in combination with the ERC777 token standard.
A reentrancy attack enables attackers to continually withdraw digital funds without being challenged until the status of the initial transaction changes.