secondary title

Attack incident review:

• At 8:58 on April 19, hackers began to attack the Lendf.Me contract.

• As of 11:32, the hacker completed the attack and stole encrypted digital assets worth 25 million US dollars.

• secondary title

Team action review:

• From 11:00 to 14:00 on April 19, our investors (Multicoin Capital, CMBI, Huobi Capital) helped us urgently contact major stablecoin asset issuers and decentralized financial protocol teams. At the same time, we contacted the senior management of major centralized exchanges and wallets and other partners, requesting that the hacker address and related accounts involved in the case be added to the monitoring and the stolen assets should be frozen.

• From 12 o'clock on April 19th, we reported the reasons for the attack and the current situation of the assets to major asset issuers and decentralized financial agreements. All parties asked us to issue an enforcement letter from the police for the next step.

• On the afternoon of April 19th, the dForce, Spark, and imToken security teams assembled offline, and connected with SlowMist remotely to set up a temporary security team to start asset recovery.

• At 22:12 on April 19, the hacker left a message "Better Future" on the chain.

• At 22:16 on April 19, the hacker transferred 126,014 PAX to the Lendf.Me Admin address.

• At 22:43 on April 19, we left contact information to the hacker on the chain, expressing our willingness to communicate.

• At 22:53 on April 19th, we formally submitted a request to the Singapore police, hoping to cooperate with us in issuing an enforcement letter, so as to obtain the assistance of major asset issuers and decentralized financial agreement teams to monitor and freeze hackers’ accounts .

• At 3:04 on April 20, the hacker transferred 320.277 HBTC to the Lendf.Me Admin address.

• At 3:20 on April 20, the hacker transferred 381,162 HUSD to the Lendf.Me Admin address.

• Since the morning of April 20, the Singapore police have successively provided enforcement letters to other teams, requiring the teams to directly provide the police with necessary information related to the case or to monitor and freeze relevant accounts. The communication process between the police and various third-party teams has never passed through the dForce team, and the dForce team has never obtained the IP information provided by 1inch to the Singapore police.
  

• On April 20, based on the traces left by the hackers before and after the attack, the security team successfully determined the exact portrait of the hacker, and began to cross-comparison with various resources at home and abroad to obtain breakthrough clues, getting closer and closer to the hacker.

• During the day on April 20, the hackers did nothing. At 18:17 pm, Lendf.Me Admin left a message “Contact us. For your better future.” on the chain to the hacker.

• At 13:33 on April 21, under heavy pressure, the hacker actively communicated with us and began to return some assets. After continuing to communicate, all assets were successfully recovered.

• As of 17:00 on April 21, the Singapore police have not found the real information of the hacker. Since the assets have been recovered, we have submitted a request to the police to withdraw the case.

We solemnly declare that the dForce team has never obtained any sensitive user information provided to us by any partner.
Here, the dForce team would like to express our sincerest thanks to our partners, users and investors who have provided us with support and assistance.