Change Of Heart? dForce Hacker Has Returned Most Assets To The Chinese DeFi Protocol

Just days after stealing $25 million from the Chinese DeFi protocol dForce, the attacker has returned almost all the funds. The unexpected events occurred after compelling transactions carrying several memos, contact email exchanges, and pleads from people.

dForce Hacker Returns The Assets

As Cryptopotato reported over the weekend, a hacker exploited the popular DeFi protocol – dForce Network. The attacker managed to drain all $25 million worth of crypto assets from its lending solution Lendf.Me.

In an interesting turn of events, however, the hacker has returned most of the stolen assets.

According to data from the Ethereum blockchain, he initiated multiple transactions starting from about 05:00 UTC today. The address labeled “Lendf.Me Hack” sent the funds to “Lendf.Me project” – the admin address.

Per the records, the most substantial transaction was for 57,992 ETHs. At the time of this writing, it has a value of nearly $10 million.

The hacker also used numerous U.S. dollar-backed stablecoins for additional transactions. Those include USDT, TUSD, USDC, HUSD, PAX, BUSD, DAI. Similarly, the total amount equaled just shy $10m.

He also sent back approximately $4 million worth of Ethereum-based tokens pegged to Bitcoin – WBTC, HBTC, and imBTC. Interestingly enough, he didn’t return the exact balance of assets that he took, as some of the value was in different coins.

Consequently, the total amount returned worth of various cryptocurrencies is roughly $24 million at current prices.

Plausible Reasons For The Change Of Heart?

First things first, this hack continued raising eyebrows even after the completion of the attack. The perpetrator sent back $125k worth of PAX to the dForce admin account, including a memo “Better future.” Lendf.me replied by sending an email address to contact, after which the attacker returned assets worth about $2.6 million.

This may have encouraged Lendf.me, as the admin sent another empty transaction carrying a message saying, “Contact us for your better future.”

Simultaneously, people started sending $0 worth ETH transactions to the hacker with memos pleading to return all funds. Obviously, he did, leading many people to believe that it was this that caused him to change his mind.

However, some of the assets he stole would have been impossible to offload. For instance, imBTC is an ERC-777 token that has a central registry controlled by the operator – Tokenlon DEX. HuobiBTC is an ERC-20 token operated by Huobi and redeemable only on the exchange.

Addresses containing these assets which are associated with hacks could be blacklisted, meaning that the attacker wouldn’t be able to exploit them.

Moreover, it’s entirely possible that the exchanged communication between the hacker and the team Lendf.me has revealed important identification information about the perpetrator.