In brief More than $25 million was drained from smart contracts on Uniswap and Lendf.Me.

The money was taken due to a known vulnerability with ERC777.

A similar attack vector was used for the infamous DAO hack in 2016.

DForce, a Chinese decentralized finance protocol, today lost $25 million worth of its customers’ cryptocurrency due to a well-known exploit of an Ethereum token.

On Tuesday, dForce announced that it had secured $1.5 million in a seed round led by crypto VC fund Multicoin Capital.

The money was drained this morning from the contracts of Lendf.Me, a lending protocol that’s part of dForce, a collection of DeFi protocols. The site for Lendf.Me is now offline and its smart contracts have been paused. The funds were sent to DeFi lending protocols Compound and Aave. Stani Kulechov, founder and CEO of Aave, told Decrypt that around $10 million of the funds were sent to his protocol.

In a bizarre twist, the hackers returned $126,014 back to Lendf.Me with a note saying, "Better luck next time," according to Chain News.

The hack is linked to a well-known Ethereum exploit that was yesterday used to drain more than $300,000 from decentralized exchange Uniswap. Uniswap smart contracts containing imBTC—an Ethereum-based, tokenized version of Bitcoin that's run by TokenIon—were drained. Lendf.Me integrated imBTC in January.

The smart contract for dForce was drained. (Source: DeFiPulse)

The Uniswap attack took advantage of a known vulnerability that concerns the ERC777 token standard. Due to the way Uniswap smart contracts are set up, a hacker could continually withdraw ERC777 funds from Uniswap before the balance updated, gradually draining the contracts of imBTC. The dForce hack, though entirely separate from the Uniswap hack, is suspected to use the same exploit.

Both Tokenlon and Lendf.Me temporarily paused their smart contracts following the attacks. “We are working together with [Lendf.Me] to investigate it,” tweeted TokenIon. A spokesperson for dForce told Decrypt that they, too, are “still investigating.”

The vulnerability is not new. As described by DeFi Rate, the exploit is similar to the 2016 attack on The DAO. And ConsenSys, which backs an editorially independent Decrypt, called out the vulnerability in an extensive audit on Uniswap 16 months ago, concluding that it was a “major” issue. Uniswap will fix the vulnerability in an upgrade scheduled for this month.

Robert Leshner, the CEO of Compound, claims that Lendf.Me had appropriated its code, which was open-source. A report from The Block in January found that the term “Compound” appeared four times in dForce's contract. “If a project doesn't have the expertise to develop its own smart contracts, and instead steals and redeploys somebody else's copyrighted code, it's a sign that they don't have the capacity or intention to consider security,” tweeted Leshner.

So far, dForce has not discussed the exploit on their social media channels, “which is really frustrating,” one user, David Liu, who claims he lost $100,000, told Decrypt. dForce has not responded to further questions.

Following February’s exploits on bZx, in which $1 million was stolen, investors might think twice before surrendering their money to smart contracts. For now, much of the money rests in Aave. Returning the money to its rightful owners is “difficult,” he said, “because we are DeFi.”

Editor's note: This article was updated after publication to show that some of the money was returned, and to make it clear that the Uniswap exploit is separate to the dForce exploit.