Uniswap Interface

Hackers deployed two reentrancy attacks, made possible by a known vulnerability found in the ERC777-token of Uniswap, to steal
$300,000 and $1.1 million in imBTC tokens. Tokenlon, the company behind the imBTC token that runs on the Uniswap platform,
provides a timeline of the events:

“8:58 SGT on April 18th. An attacker used a vulnerability with Uniswap and ERC777 to perform a reentrancy attack.

12:12 on April 18th. The Tokenlon team observed the anomaly, defined the incident as a P0-level security issue, and established an
emergency response team.

12:49 on April 18th. After evaluating the situation, Tokenlon suspended the transfer of imBTC and notified imBTC partners
including Lendf.Me to evaluate potential security risks.

17:00 on April 18th. imBTC transfer was resumed after receiving the confirmation from Lendf.Me and other partners that it is OK to
do so.

09:28 on April 19th. Tokenlon received a message from Lendf.me about a reentrancy attack, similar to the one happened to Uniswap,
resulting in a large number of abnormal borrowing on the platform.

10:12 on April 19th. In order to cooperate with the investigation of the reentrancy attack, Tokenlon suspended the transfer of
imBTC.”