Incident Date | Incident Type | Losses | Summary | Links |
9/27/2025 | Security | ~$56,000 (fully covered) | An attacker exploited dLEND's Odos-integrated swap adapter contracts on Fraxtal and Sonic networks by abusing arbitrary user parameters and insufficient swap validation to drain funds from pre-approved wallets via manipulated routes and flash-mints. Root causes included untrusted inputs, bypassed checks, and missed audit vectors.
Total losses amounted to ~$56K, limited exclusively to three core team members' wallets. No user funds were affected, and dTRINITY’s core contributors fully covered losses for the affected team members.
The protocol remained secure, the swap feature was permanently disabled on the dLEND UI, and users were immediately notified to revoke past wallet approvals. Post-incident mitigations included additional smart contract hardening, internal and external audits. | |
11/3/2025 | Counterparty exposure & ecosystem contagion | ~$380,000 (partially covered with ongoing recovery efforts) | The collapse of Stream Finance's xUSD triggered a collateral impairment and counterparty event that indirectly impacted dTRINITY’s deployment on Sonic network through its exposure to Trevee, whose assets comprised portions of both dUSD’s reserve and dLEND’s collateral base. Trevee suffered substantial impairment due to its exposure to Stream-related allocations. The resulting depeg of Trevee assets adversely affected the dTRINITY ecosystem on Sonic, resulting in ~$380K of user losses, consisting of ~$211K in circulating dUSD and ~$169K of dLEND bad debt.
To support affected users, dTRINITY’s core contributors voluntarily donated 150K dUSD + 156K wstkscUSD from their own funds toward recovery efforts. The team is also actively working with Trevee on Stream’s bankruptcy proceedings and remains optimistic that partial recoveries from Stream, combined with the donations, will significantly reduce final losses for dTRINITY users on Sonic.
No dTRINITY smart contract vulnerabilities, hacks, or protocol exploits were involved. Additionally, dTRINITY's chain-isolated architecture prevented cross-chain contagion and contained the impact entirely to its Sonic deployment while preserving ~80% of protocol TVL across other chains.
Following the incident, dTRINITY permanently froze the Sonic deployment and discontinued all future expansion efforts on the network. Additional post-incident actions included risk parameter reviews, reserve and collateral policy updates, as well as enhanced due diligence procedures for third-party assets, counterparties, and integrations. | |
3/17/2026 | Security | ~$257,000 (fully covered) | dLEND experienced a liquidity-index inflation exploit on Ethereum through the cbBTC market, allowing an attacker to borrow ~$257K dUSD against artificially inflated collateral value and create bad debt within the protocol. The exploit targeted an accounting edge case inherited from forking Aave V3, where flash-loan fees disproportionately inflated the liquidity index while the cbBTC market's supply was in an empty state.
All bad debt was fully covered by core contributors and the protocol treasury. Additionally, dTRINITY’s chain-isolated architecture prevented cross-chain contagion and contained the incident entirely to its Ethereum deployment, preserving over 90% of protocol TVL across other chains.
Following the incident, dTRINITY’s Ethereum deployment remained frozen for ~2.5 months while extensive security hardening, infrastructure upgrades, testing, and internal code audits leveraging AI tools and multiple independent security frameworks were performed. Post-incident mitigations included disabling flash loans for non-dUSD markets and strengthening initialization procedures. Although no multisig keys were compromised, governance protections were also enhanced out of an abundance of caution through the implementation of timelocked admin controls, expanded multisig safeguards, and internal monitoring and alerting systems. |
