In a new twist to the dForce attack saga, the exploiter has returned all stolen funds - worth about $25 million - back to the Chinese decentralized finance (DeFi) project.
Yesterday, the attacker returned $2.79 million to dForce, and today the rest of the amount i.e. nearly $22 million, has been returned, according to Etherscan data analyzed by The Block Research.
Sergej Kunz, CEO of 1inch.exchange, told The Block that the attacker has returned all the funds because their IP address was shared with Singapore police.
"We got a request from Singapore police and we were helping dForce. Based on the request, we delivered to the police the IP addresses and sensitive meta information, which the hacker speeded by using our CDN," Kunz told The Block.
"We reacted very fast [when the police sent an email]... we protect the user data, but in such a case it is a must to help police... the idea was to make pressure as much possible to the hacker," Kunz told The Block.
The returned funds are now worth about $24.3 million, which is slightly less than the value of the stolen funds because the exploiter converted some of them and they lost some value:
Multicoin Capital-backed dForce was exploited last weekend, during which it lost nearly 100% of its total value locked. The attacker had got access to the following coins and tokens:
Multicoin Capital principal Mable Jiang, who led the dForce investment last week, declined to comment on the attacker returning stolen funds. The Block has also reached out to dForce for comments and will update this story should we hear back.
Notably, The Block has learned that Paraswap declined to help dForce with the attacker's information because they said they being a French company follow GDPR (General Data Protection Regulation) laws. But that is not true, a person familiar with the matter, told The Block.
"They [Paraswap] don’t have any contact information on the website, which is required and can cause €200k punishment. Also, they collect user email addresses for the notification system if the price change and also IP addresses and don’t have any policy on the webpage," the person told The Block.