dForce ecosystem Lendf.Me was attacked by a Hacker, resulting in the theft of $25 million in assets.

The dForce ecosystem currency market Lendf.Me encountered a Hacker attack on April 19, resulting in approximately $25 million worth of assets being illegally extracted. dForce founder Yang Mindao published an article detailing the events.

On the day of the incident, around 9:15 Beijing time, the internal monitoring system detected abnormal transfer activities. The team quickly took action, suspending the operation of the Lendf.Me and USDx contracts, and temporarily shutting down the website for investigation. The investigation is still ongoing, and some hacker information has been obtained, while the attack has been stopped.

Since the incident occurred, the team has been actively seeking solutions:

1. Collaborate with top security teams to comprehensively assess the security of Lendf.Me.
2. Discuss feasible solutions with partners; despite the attacks, the team is determined not to give up easily.
3. Work closely with major exchanges, over-the-counter traders, and law enforcement agencies to recover stolen funds and track the Hacker's whereabouts.

The attack mainly exploited the vulnerability of the imBTC asset's ERC777 standard to perform a reentrancy attack. The attacker repeatedly used the forged imBTC as collateral to borrow funds by leveraging the callback mechanism.

Yang Mindao stated that this attack not only affected users and partners but also caused significant economic losses to himself and the entire team.

The dForce team promises to provide the community with more detailed explanations and clarifications before the end of the day. This incident highlights the importance of security in blockchain projects and reminds industry participants of the need to continuously improve security measures to address potential threats.