Hackers Raid Crypto Firms in $25m Attacks

From infosecurity-magazine.com

Hackers have made off with at least $25m from two cryptocurrency firms after apparently targeting them with “reentrancy attacks” over the weekend.

The raids affected decentralized lending platform Lendf.Me, which is supported by a decentralized finance (DeFi) network known as dForce, and crypto exchange Uniswap.

According to Tokenlon, the organization behind digital currency imBTC, the attackers first struck on Saturday exploiting a vulnerability at Uniswap in combination with the ERC777 token standard.

A reentrancy attack enables attackers to continually withdraw digital funds without being challenged until the status of the initial transaction changes.

Read more…