On April 2020, LendfMe was exploited in a reentrancy, resulting in approximately $25M in losses. That makes the LendfMe exploit the 19th largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the LendfMe Reentrancy Played Out
Exploit Class Applied to LendfMe
The LendfMe incident on April 19, 2020 is classified as a Reentrancy. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times. In the full archive, LendfMe is 1 of 51 documented reentrancy incidents.
LendfMe in Context
At $25M, the LendfMe exploit is a major ($10M–$100M) event compared to the largest same-class incident in our archive — Curve (2023) at $41M.
Prior Reentrancy Before LendfMe
The nearest reentrancy incident before LendfMe was UniSwapV1, 1 day earlier on April 18, 2020 ($220K lost). The same exploit class surfaced again within the reentrancy attack surface.
LendfMe Vulnerability Signature
The primary source categorises the LendfMe exploit specifically as “ERC777 Reentrancy”. This narrower label is entity-specific: it reflects how the LendfMe contract failed, rather than the broad reentrancy pattern alone.
Impact & Recovery for LendfMe
LendfMe Loss Figure
The LendfMe exploit caused $25,000,000 in losses — a major ($10M–$100M) incident and the 1st largest of 9 documented in 2020. This single incident represents 99.1% of all tracked losses that year.
Where LendfMe Sits Among Reentrancy Attacks
Ranked by loss size, LendfMe is the 2nd largest of 51 reentrancy incidents documented. That puts the LendfMe loss above the class average of $2.87M.
Timeline Since the LendfMe Incident
The LendfMe exploit occurred 6 years ago (2,186 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for LendfMe
Public post-mortem / on-chain analysis for the LendfMe incident: view source.
FAQ
How much did LendfMe lose?
The LendfMe exploit in April 2020 resulted in $25,000,000 in losses — the 1st largest of 9 DeFi incidents that year.
When did the LendfMe hack happen?
The LendfMe exploit was recorded on April 19, 2020 — 2,186 days ago.
What type of exploit hit LendfMe?
The LendfMe incident is classified as a Reentrancy. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times.
How common is the Reentrancy pattern seen at LendfMe?
Our archive contains 51 documented reentrancy incidents. The LendfMe incident is one of them.
How does LendfMe compare to the largest Reentrancy attack?
The largest reentrancy incident in our archive is Curve (2023) at $41M. The LendfMe loss is $25M.
What significant change did Ethereum undergo with the introduction of Ethereum 2.0?
Ethereum transitioned from a Proof-of-Work (PoW) to a Proof-of-Stake (PoS) consensus mechanism.
What is the primary objective of the study?
To develop a stock market prediction model using a hybrid approach that combines LSTM networks with Genetic Algorithms (GA).