
Lendf.me

Primary URL: lendf[.]me
Location: China
Industry: Financial Services
Profile

Lendf.me was a decentralized finance lending protocol operating from its headquarters in China. The platform functioned within the broader cryptocurrency ecosystem, enabling users to deposit digital assets as collateral and borrow other cryptocurrencies, a common service model in the decentralized finance sector. Its operations involved integrating with various token standards and other DeFi protocols to facilitate these lending and borrowing activities. The platform's technical infrastructure interacted with multiple blockchain assets, including tokenized Bitcoin representations like imBTC, and was connected to major decentralized exchanges such as Uniswap to provide liquidity and price discovery for its services. This positioning placed Lendf.me within the competitive and rapidly evolving landscape of non-custodial crypto lending platforms that aimed to offer permissionless access to financial services.

In April 2020, Lendf.me was the victim of a significant security incident that underscored systemic risks in the DeFi space at the time. Attackers executed a sophisticated reentrancy attack, a vulnerability type previously documented by security firms like OpenZeppelin, which exploited the interaction between the platform's smart contracts and the ERC-777 token standard, specifically targeting the imBTC token. This method allowed the hackers to repeatedly withdraw funds before the platform's internal balances could be updated, ultimately draining approximately $25 million in cryptocurrency. The attack initially targeted Uniswap without financial loss before successfully compromising Lendf.me's reserves. In response, both platforms temporarily suspended operations, and imBTC transactions were halted to contain the breach. A notable aspect of the incident was the subsequent recovery of the vast majority of the stolen funds, approximately $23.8 million, following negotiations conducted via on-chain messages after the attackers inadvertently revealed an IP address, with minor losses attributed to cryptocurrency price volatility during the resolution period. This event highlighted both the critical importance of rigorous smart contract auditing in DeFi and the unique, albeit unpredictable, potential for on-chain forensic analysis and negotiation in cryptocurrency theft cases.

Incidents
1 incident