Lendf.Me was attacked on Sunday and an incredible USD 25.2 million were stolen from them. This was done through an advanced – and known – reentrancy defenselessness that empowers a programmer to pull back imBTC (an Ethereum token esteemed at 1:1 rate with bitcoin (BTC) ) more than once.
However, in an impossible to miss unforeseen development, it appears that the assailant has restored the taken assets. As of now yesterday we saw reports that the assailant has been restoring sure measures of assets, however it wasn’t clear why this move was made. A greater amount of such reports began coming in today also, turning out that the assailant restored all the taken assets at long last.
With respect to why this individual would choose to restore the millions they’ve chipped away at taking is as yet not known decisively, however there are hypotheses. One of the most well known hypotheses is that the aggressor really uncovered their IP address, implying that it could be followed back to them. Jason Choi, Head of Research at Spartan Group, a blockchain warning and speculation firm, noticed that the programmer left “hints of recognizing data while moving the plunder around,” so they need to restore the assets.
“Hearing dForce hacker open to risk of dox via his vpn usage and therefore realized he may get caught,” writes Su Zhu, CEO of Singapore-based investment management firm Three Arrows Capital.
This rendition of occasions may have been affirmed. Matthew Graham, CEO of the China-based warning organization Sino Global Capital, likewise thought about whether an uncovered IP address could be the reason, as indicated by which Sergej Kunz, the CEO of 1inch.exchange, which is a decentralized trade aggregator the programmer used to trade a portion of the assets, affirmed that the assailant did for sure uncover individual metadata that may prompt their capture.
“They leaked information and public pressure made the rest!,” commented 1inch.exchange.
“The crypto community is learning what “script kiddies” are,” says independent researcher focused on blockchain, Georgios Konstantopoulos.
