The decentralized finance protocol dForce has recovered all $3.65 million in exploited funds after a sophisticated read-only reentrancy attack targeted its wstETH/ETH pool integration with Curve Finance on both Arbitrum and Optimism. The incident, which unfolded on February 10, highlighted persistent vulnerabilities in DeFi’s most trusted infrastructure components.
The Exploit Mechanics
The attacker executed a carefully choreographed sequence exploiting a well-documented read-only reentrancy vulnerability in Curve Finance’s liquidity pools. The exploit began with flash-loaned funds deposited into Curve’s wstETH/ETH pool. The attacker then deposited the resulting LP tokens into dForce’s wstETHCRV-gauge vault on both Arbitrum and Optimism.
Upon calling the remove_liquidity function, the attacker’s malicious contract reentered the protocol during the callback, manipulating the virtual price that dForce used as an oracle for wstETHCRV-gauge tokens. This price manipulation allowed the attacker to profit from the liquidation of other users who had used wstETHCRV-gauge as collateral. The operation netted approximately $1.9 million on Arbitrum and $1.7 million on Optimism.
The attacker’s Ethereum address was funded through Railgun on the mainnet, with funds bridged to Optimism and Arbitrum via Synapse. Blockchain security firms SlowMist and PeckShield were among the first to identify and analyze the attack transactions.
Affected Systems
dForce’s lending protocol was the primary target, specifically its wstETHCRV-gauge vault integration. The attack affected users on both Arbitrum and Optimism layer-2 networks. Users who had supplied funds to dForce Lending and other vaults remained safe, as the exploit only affected positions using the wstETHCRV-gauge as collateral.
This was not dForce’s first encounter with a major exploit. In April 2020, the protocol lost $25 million to an ERC-777 reentrancy vulnerability, though those funds were also eventually recovered. The recurring nature of these incidents raises questions about protocol security practices and the thoroughness of pre-deployment audits.
The Mitigation Strategy
dForce responded by immediately pausing all vaults after confirming the incident. The team publicly stated that user funds in lending vaults and other unaffected positions were safe. They also sent on-chain transactions directly to the attacker’s address on both networks, offering a white-hat bounty via transaction input data.
The remarkable turnaround came on February 13, when the exploiter returned all funds to dForce’s multisig wallets on both Arbitrum and Optimism. dForce confirmed the recovery and pledged that all impacted users would be made whole, with distribution details to follow in subsequent days.
Lessons Learned
The most troubling aspect of this exploit is that the vulnerability was already well-known. ChainSecurity originally reported the read-only reentrancy issue to Curve and affected projects in April 2022, nearly a year before the dForce attack. Curve Finance itself had provided a known workaround: calling any method protected by the nonreentrant lock, such as removing zero liquidity, which is the cheapest mitigation because the call reverts whenever the pool is mid-transaction and its reported price cannot be trusted.
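To make both the exploit window from the mechanics section and the zero-withdrawal workaround concrete, here is a constructed Python model of a two-coin ETH pool. It is an added example, not Curve's, dForce's or ChainSecurity's code. It assumes the stETH-style ordering in which the pool sends ETH to the caller (running the caller's code) before burning the LP tokens, and it replaces the real stableswap invariant with a plain sum of balances; the pool sizes, the attacker's LP amount and the function names are constructed. The `naive_lp_price` oracle only reads `get_virtual_price()`, while `guarded_lp_price` first performs a zero-amount `remove_liquidity`, so inside the callback it hits the reentrancy lock and reverts instead of returning the distorted value.

```python
"""Toy model of a Curve-style ETH pool and its LP-price oracle (constructed example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List

PRECISION = 10**18


class ReentrancyLocked(Exception):
    """Raised when a lock-protected function is entered while the lock is held."""


@dataclass
class ToyPool:
    # Coin 0 is native ETH (paid out through a callback), coin 1 an ERC-20.
    balances: List[int]
    lp_supply: int
    locked: bool = False

    def invariant(self) -> int:
        # Simplification (assumption): D is the sum of balances, which a real
        # stableswap D approaches for a balanced pool.
        return sum(self.balances)

    def get_virtual_price(self) -> int:
        # A view: no reentrancy lock, just like the real pool's price getter.
        return self.invariant() * PRECISION // self.lp_supply

    def remove_liquidity(self, amount: int, receiver: Callable[[int], None]) -> List[int]:
        """Lock-protected withdrawal. ETH leaves (and the receiver runs) before
        the LP supply is reduced, which opens the read-only reentrancy window."""
        if self.locked:
            raise ReentrancyLocked("remove_liquidity: lock held")
        self.locked = True
        try:
            supply = self.lp_supply
            paid = []
            for i, bal in enumerate(self.balances):
                value = bal * amount // supply
                self.balances[i] = bal - value
                paid.append(value)
                if i == 0:
                    receiver(value)  # native ETH transfer: receiver's code runs here
            self.lp_supply -= amount  # LP burn happens last
        finally:
            self.locked = False
        return paid


def naive_lp_price(pool: ToyPool) -> int:
    """Integration that trusts get_virtual_price() as-is."""
    return pool.get_virtual_price()


def guarded_lp_price(pool: ToyPool) -> int:
    """Curve's documented workaround: touch a lock-protected function with a
    zero withdrawal first; mid-withdrawal this reverts instead of returning."""
    pool.remove_liquidity(0, lambda _value: None)
    return pool.get_virtual_price()


def run_scenario(oracle: Callable[[ToyPool], int]) -> Dict[str, object]:
    """Fresh balanced pool: 1000 ETH / 1000 token, 2000 LP. The withdrawer holds
    500 LP (25%) and queries `oracle` from inside the ETH callback."""
    pool = ToyPool(balances=[1000 * PRECISION, 1000 * PRECISION], lp_supply=2000 * PRECISION)
    result: Dict[str, object] = {"before": oracle(pool)}

    def receiver(_value: int) -> None:
        try:
            result["during"] = oracle(pool)
        except ReentrancyLocked as err:
            result["error"] = str(err)

    pool.remove_liquidity(500 * PRECISION, receiver)
    result["after"] = pool.get_virtual_price()
    return result


if __name__ == "__main__":
    for name, oracle in (("naive", naive_lp_price), ("guarded", guarded_lp_price)):
        print(name, run_scenario(oracle))
```

In the naive run the oracle reports 1.0 before and after the withdrawal but 0.875 inside the callback, because the ETH balance has already dropped while the LP supply has not; a lending market that prices collateral from that reading sees positions as undercollateralized, which is the liquidation path described above. In the guarded run the same query raises `ReentrancyLocked` inside the callback and returns 1.0 everywhere else.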
Similar exploits had already hit Midas Capital and Market.xyz using the exact same vector. The pattern underscores a systemic failure in DeFi: known vulnerabilities continue to cause losses because protocols either fail to implement available fixes or are unaware of the disclosures.
User Action Required
For DeFi users, this incident serves as a reminder to diversify collateral types and avoid overconcentration in any single protocol’s vault strategy. Users should verify that protocols they interact with have implemented the latest security patches, particularly for well-documented vulnerabilities like Curve’s read-only reentrancy. With Bitcoin trading at approximately $21,800 and Ethereum at $1,507, the broader market remains sensitive to negative sentiment from exploits, making individual vigilance even more critical.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Always conduct your own research before interacting with any DeFi protocol.
full recovery in 3 days is actually impressive. most protocols just freeze and hope people forget. respect to dForce for negotiating with the attacker
attacker returned the funds. probably saw the heat and decided a whitehat bounty was the better play. smart move honestly
full recovery in 3 days is genuinely rare. dForce must have had serious leverage in those negotiations with the attacker
full recovery is rare. dForce getting the attacker to return everything in 3 days means their comms team earned their paycheck. most teams just post a vague governance proposal and hope
1.9M on Arbitrum and 1.7M on Optimism. flash loans making it way too easy for attackers to pull these off
flash loans turned every Solidity dev into a potential attacker. the barrier to exploiting a reentrancy bug went from needing capital to needing zero capital overnight
read-only reentrancy has been documented since 2021. how many more protocols need to get hit before teams audit their oracle integrations properly
read-only reentrancy keeps popping up because protocols copy Curve integration code without understanding the oracle assumptions. it's the same bug, different wrapper, every time