dForce Network
Summary
dForce Network is a China-founded DeFi protocol suite offering lending, stablecoin, and trading products, founded in late 2018 by Mindao Yang and Xin Xu. The protocol suffered two significant security incidents: a $25 million ERC-777 reentrancy exploit in April 2020 and a $3.65 million read-only reentrancy attack in February 2023, with funds returned in both cases. Despite recovering from both exploits and continuing to operate across multiple chains, the protocol's pattern of deploying code without fully auditing all integrated components remains a documented risk factor.
Connected Entities
1 entities · 10 linked investigations- + 1 more
Timeline(11 events)
2018-12-01
dForce Network founded in China by Mindao Yang and Xin Xu as a DeFi protocol suite.
Decrypt interview with Mindao Yang2020-01-01
Lendf.Me integrates imBTC (ERC-777 token) as collateral, introducing the reentrancy vulnerability that would be exploited.
Hackers just tapped China's dForce for $25 million — Decrypt2020-04-14
Multicoin Capital leads a $1.5 million seed round in dForce, with China Merchants Bank International and Huobi Capital co-investing.
Our Investment in dForce — Multicoin Capital2020-04-19
Lendf.Me exploited via ERC-777 reentrancy attack. Approximately $25 million drained from 12 lending markets. dForce team discovers the breach at 9:15 AM UTC+8 and pauses the protocol.
A Summary of the Attack on Lendf.Me — Mindao Yang / dForce Medium2020-04-20
Attacker attempts to negotiate with dForce. 1inch Exchange identifies the attacker's Chinese IP address via CDN access logs. Singapore Police Force's Criminal Investigations Department formally requests attacker data from 1inch.
DForce Hacker Attempts to Negotiate After Allegedly Leaking His Identity — CoinTelegraph2020-04-21
Attacker begins returning stolen funds to Lendf.Me contracts.
dForce Attacker Returns All of the $25 Million — BeInCrypto2020-04-22
Substantially all $25 million in stolen funds confirmed returned to dForce. Criticism mounts regarding copied Compound code and absence of audit coverage.
DForce Hacker Returns Stolen Money as Criticism of the Project Continues — CoinTelegraph2020-05-04
dForce redistributes 100% of recovered funds to Lendf.Me users. All affected users made whole.
dForce Ecosystem Update — April 2020 — dForce Medium2022-04-14
ChainSecurity discloses read-only reentrancy vulnerability in Curve pools to Curve and affected protocols. Curve publishes a mitigation. dForce's Curve vault integration is not patched in time.
Explained: The dForce Hack (February 2023) — Halborn2023-02-09
dForce's Curve vault on Arbitrum and Optimism exploited via read-only reentrancy. Approximately $3.65 million drained ($1.9M Arbitrum, $1.7M Optimism).
DForce protocol drained of $3.6 million in reentrancy attack — The Block2023-02-13
Attacker self-identifies as a whitehat, negotiates a bounty with dForce, and returns all $3.65 million to dForce multi-sig wallets.
DForce confirms the return of exploited $3.65m to their vaults — Crypto.newsDecision Log
- hash: G8n1QgDXDmRRwtbtYufaiEjPi5H5wHWhK3x33GKTFFPm
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/31/2026, 6:59:16 AM
last updated: 5/31/2026, 6:59:20 AM
avoid.net — verified advice for a post-truth world