Verify a decision

{"actor":"system:backfill","investigation_id":"83cab2d1-6d9a-46e6-8786-9df49fcc4fe7","kind":"publish","page_slug":"lendfme","published_at":"2026-05-28T19:07:01.812Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Lendf.me","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/26033/dforce-lendfme-defi-hack-25m","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2020/04/14/chinese-defi-platform-dforce-raises-15m-from-multicoin-huobi-capital","type":"other","url":""},{"credibility":3,"name":"https://medium.com/dforcenet/a-summary-of-the-attack-on-lendf-me-on-april-19-2020-e2f1c5d96640","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://peckshield.medium.com/uniswap-lendf-me-hacks-root-cause-and-loss-analysis-50f3263dcc09","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/slowmist-details-of-lendf-me-reentrancy-attack-3e168ab5f2b1","type":"other","url":""},{"credibility":3,"name":"https://quantstamp.com/blog/how-the-dforce-hacker-used-reentrancy-to-steal-25-million","type":"other","url":""},{"credibility":3,"name":"https://valid.network/post/the-reentrancy-strikes-again-the-case-of-lendf-me","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/dforce-hacker-returns-stolen-money-as-criticism-of-the-project-continues","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://slowmist.medium.com/slowmist-details-of-lendf-me-reentrancy-attack-3e168ab5f2b1","type":"other","url":""},{"credibility":3,"name":"https://peckshield.medium.com/uniswap-lendf-me-hacks-root-cause-and-loss-analysis-50f3263dcc09","type":"other","url":""},{"credibility":3,"name":"https://quantstamp.com/blog/how-the-dforce-hacker-used-reentrancy-to-steal-25-million","type":"other","url":""},{"credibility":3,"name":"https://securityaffairs.com/101895/cyber-crime/uniswap-lendf-me-hacked.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/dforcenet/lendf-me-hack-resolution-part-i-asset-redistribution-plan-9cefee49f209","type":"other","url":""},{"credibility":3,"name":"https://medium.com/dforcenet/lendf-me-resolution-part-ii-dforce-better-future-proposal-76a07b65ca24","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/63141/defi-dforce-attack-24-million-funds-return","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/dforce-hacker-returns-25m-stolen-funds/","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/the-dforce-hacker-is-returning-stolen-funds/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/26069/exclusive-an-interview-with-dforce-founder-mindao-yang","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2020/04/14/chinese-defi-platform-dforce-raises-15m-from-multicoin-huobi-capital","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@mindao.yang/update-on-lendf-me-ee83f4380b70","type":"other","url":""},{"credibility":3,"name":"https://medium.com/dforcenet/a-summary-of-the-attack-on-lendf-me-on-april-19-2020-e2f1c5d96640","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/dforce-hacker-returns-stolen-money-as-criticism-of-the-project-continues","type":"other","url":""},{"credibility":3,"name":"https://quantstamp.com/blog/how-the-dforce-hacker-used-reentrancy-to-steal-25-million","type":"other","url":""},{"credibility":3,"name":"https://valid.network/post/the-reentrancy-strikes-again-the-case-of-lendf-me","type":"other","url":""},{"credibility":3,"name":"https://github.com/dforce-network/documents/blob/master/audit_report/Lending/dForceLending-Audit-Report-TrailofBits-Mar-2021.pdf","type":"other","url":""},{"credibility":3,"name":"https://medium.com/dforcenet/lendf-me-resolution-part-ii-dforce-better-future-proposal-76a07b65ca24","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.americancryptoassociation.com/2020/04/20/dforce-hacker-attempts-to-negotiate-after-allegedly-leaking-his-identity/","type":"other","url":""},{"credibility":3,"name":"https://www.newsbtc.com/2020/04/21/2-reasons-why-ethereum-defi-hacker-returned-25-million-in-hacked-funds/","type":"other","url":""},{"credibility":3,"name":"https://www.bitsofblocks.io/post/theft-and-giving-it-back-25m-stolen-and-returned-in-lendf-me-debacle","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/dforcelendfmedefiprotocolbreached.php","type":"other","url":""}]}],"sources_used":[],"summary":"Lendf.me was a decentralized lending protocol built by dForce Network and launched in September 2019 as a fork of Compound v1. On April 19, 2020, an attacker exploited a reentrancy vulnerability involving ERC-777 tokens to drain approximately $25.2 million from the protocol — at the time representing 99.95% of its total value locked. The attacker returned nearly all funds within two days after inadvertently exposing identifying metadata, and the original Lendf.me contract was permanently deprecated following the incident.","timeline":[{"date":"2018-01-01","event":"Mindao Yang founds dForce Network in late 2018 as a China-based open finance protocol.","source":""},{"date":"2019-09-01","event":"Lendf.me lending protocol launches as a fork of Compound v1, initially supporting a limited set of Ethereum assets.","source":""},{"date":"2020-04-14","event":"dForce announces a $1.5 million strategic funding round led by Multicoin Capital, with Huobi Capital and CMBI participating.","source":""},{"date":"2020-04-19","event":"At approximately 12:58 AM UTC, attacker (EOA: 0xa9bf70a420d364e923c74448d9d817d3f2a77822) begins exploiting the ERC-777 reentrancy vulnerability. By 9:15 AM UTC+8, dForce discovers the attack. Lendf.me contracts are paused approximately one hour after the exploit begins. Approximately $25.2 million (~99.95% of TVL) is drained across 12 liquidity pools.","source":""},{"date":"2020-04-20","event":"dForce files a police report with Singapore authorities. The attacker's identifying metadata — including IP address and device fingerprint — is obtained from a CDN provider via subpoena. The attacker returns approximately $2.79 million as a first partial repayment.","source":""},{"date":"2020-04-21","event":"The attacker returns the remaining stolen funds, completing near-total restitution. dForce opens its Asset Recovery System for user withdrawals.","source":""},{"date":"2020-04-27","event":"dForce reports that over 90% of recovered assets have been redistributed to users and that 100% of affected users will be made whole.","source":""},{"date":"2020-05-01","event":"dForce publishes the 'Better Future' Proposal announcing 2,000,000 DF token airdrop to hack-affected users, creation of the dSAFU insurance fund with 50,000,000 DF tokens, and security improvement commitments. The original Lendf.me contract is permanently deprecated.","source":""},{"date":"2021-03-01","event":"Trail of Bits publishes a security audit of the redesigned dForce Lending protocol, reflecting post-incident security improvements.","source":""}]},"v":1}