The hacker who stole $25 million from the dForce platform on April 18 and 19 has returned all of the funds, following an investigation which showed that the attacker had not thoroughly covered his or her tracks. 

Reports are emerging that state the attacker had not used a decentralized service like Tor. As a result, the system through which the attack was executed was linked to a Chinese IP address. Additionally, the investigation showed that the system used was a Mac, and also revealed metadata such as the attacker’s screen resolution and system language settings.

DForce's funds dropped almost entirely. Source.

The attack occurred on late Saturday and continued until Sunday. The attacker exploited a vulnerability in the ERC-777 protocol to steal the funds from dForce, which amounted to over 99% of the latter’s funds. The attack, a reentrancy attack, somewhat resembles the attack that was carried out in the Decentralized Autonomous Organization (DAO) attack.

The consensus is that the attacker returned all of the funds in the hope that he or she would be granted leniency. The total sum was returned in 8 different assets, including ETH, USDT, DAI, MKR and PAX.

The Decentralized Finance (DeFi) market has grown at an extraordinary rate in the past few years and, at its peak, was worth more than $1 billion. 2020 has seen that value drop considerably, though it seems to have recovered since its low point in 2020. 

In February 2020, DeFi platform bZx experienced a massive attack that saw roughly $1 million stolen. Such attacks have put the spotlight on the security of DeFi platforms which, while highly popular, continue to undergo development and refinement.