April 22, 2020 – In a surprising turn of events, the hacker who drained the funds of DeFi platform Lendf.me has returned the funds. Lendf.me is part of the dForce network.
This week, a hacker drained the funds of Lendf.me worth $24 million. Speculation is that the hacker used a vulnerability wherein they were able to withdraw funds without the balance being updated.
The hacker returned $126,014 to Lendf.me with a note that says, “Better luck next time”. Prior to that, Lendf.me was drained to just $6. Lendf.me sent a message to the hacker via the blockchain, with the note “please check your email”.
— Frank Topbottom (@FrankResearcher) April 19, 2020
Lendf.me next sent a message next with a note, “Contact us, for your future”.
— Frank Topbottom (@FrankResearcher) April 20, 2020
Soon after that, the hacker returned all the funds. Although, due to the dip in crypto prices, the entire returned fund is now worth $22 million instead of $25 million initially.
It was also found out that the hacker may have revealed himself after he leaked important “metadata”. It was revealed he was using a Chinese IP address and that he may be using a VPN or proxy. The VPN or proxy company can be issued a subpoena to obtain information on its users.
Of course, metadata such as IP addresses can be obscured, but it suggests there is hindsight on the part of the hacker. According to Sergej Kunz, the CEO of 1inch.exchange (which was used by the hacker to exchange some of the funds), the perpetrator might be a very good programmer but still inexperienced when it comes to hacking.
This article is published on BitPinas: Lendf.me Hacker Returns All Stolen Funds