dForce lending protocol hacked incident timeline

On April 19, 2023, dForce's decentralized lending protocol Lendf.Me was hacked, resulting in the theft of approximately $25 million in crypto assets. Within 48 hours of the incident, the team worked tirelessly to trace the hacker's whereabouts and the flow of the stolen funds.

Attack Incident Overview

• On April 19 at 8:58, hackers began to attack the Lendf.Me contract.
• 11:32, the Hacker completed the attack and stole approximately 25 million dollars in cryptocurrency assets.
• 12:57, Lendf.Me and USDx contracts were successively closed.

Team Response Measures

1. Urgently contact major stablecoin issuers, DeFi protocol teams, exchanges, and wallet partners, requesting to monitor and freeze the accounts involved.
2. Report the reason for the attack and the status of assets to the relevant parties.
3. Form a temporary security team to carry out asset recovery work.
4. Communicate with hackers through the blockchain to express negotiation intentions.
5. Request assistance from the Singapore police to obtain a enforcement order.
6. Based on the clues left by the Hacker, analyze and determine the profile of the Hacker and achieve a breakthrough.

Turning Point and Conclusion

• On April 20, the Hacker repeatedly transferred small amounts of assets to the Lendf.Me management address.
• On April 21 at 13:33, the Hacker actively communicated under pressure and began to return part of the assets.
• All stolen assets successfully recovered before April 21, 17:00

The team emphasized that no sensitive user information was obtained throughout the process. Finally, dForce expresses heartfelt gratitude to partners, users, and investors who provided support and assistance.