How Lendf.Me was close to lose $25m worth of cryptocurrency
Lendf.Me is an online lending platform based on Etherum.
If you are new to cryptocurrency, Etherum allows you to buy and sell online without any third party. It is decentralized meaning that it is beyond the control of any given country. Besides, its users are granted more control over the data. In fact, every transaction is controlled by what is called « miners ».
Concerns about security
It is often said cryptocurrency is the future of finance. Still, it hasn’t seen any mass adoption. The reason may root from its security perception. And the case of Lendf.me’ s attack will reinforce that negative image. Etherum asserts that this bug per se was not intrinsically related to its platform but to the so-called « imBTC token ». This is maybe true but making these differences requires some technical knowledge that the final audiences lack ( layman). This is why cryptocurrency still struggle. Nonetheless, let’s try to understand how Lendf.me managed to lose this astonishing amount.
« Reentrancy »
In a nutshell, the attackers managed to avoid control by making the transaction before it is accepted or declined. And multiple times. You get it? No, ok. Let’s put it simply: the transactions happened first, then after that we check if it was appropriate or not. And the attacker just changed the code so that it avoids this control. Hopefully for Lendf.me, the attackers return the fund since they somehow exposed their IP addresses accidentally.