Is dForce Safe?
Risk Grade: B- (35/100)
dForce is rated as moderate risk — some novel mechanisms, generally well-understood.
High risk — hacked twice with the same bug class and the multi-chain deployment multiplies every vulnerability across 7+ chains
A lending and stablecoin protocol deployed across 7+ blockchains including Ethereum, Arbitrum, and BSC, managing about $100M in deposits. Its D+ grade reflects two separate hacks ($25M in 2020, $3.64M in 2025) and the amplified risk of running the same code on many chains.
TVL
$1M
Mechanisms
7
Interactions
5
Value Grade
D+
Key Risks for dForce Users
dForce has been hacked twice. The same type of bug (reentrancy) was exploited both times, five years apart. A pattern of repeated exploits suggests deeper code quality issues
The same code runs on 7+ chains. When the 2025 hack hit Arbitrum, the identical bug existed on Optimism too. One vulnerability means simultaneous losses on every chain
The USX stablecoin depends on liquidation bots that vary in quality across chains. On smaller chains like KAVA, bots are slow or absent, so bad debt piles up and USX can lose its peg
Top Risk Factors
- •Two separate exploit incidents (2020 reentrancy for $25M, 2025 read-only reentrancy for $3.64M) demonstrate persistent smart contract security weaknesses
- •Multi-chain deployment across 7+ chains creates a vast attack surface where a single vulnerability can be exploited across all deployments
- •USX stablecoin depends on liquidation infrastructure quality that varies dramatically across smaller chains with thin DEX liquidity
How dForce Compares to Peers
dForce ranks #42 of 90 Lending protocols (above-median). At a risk score of 35/100, it's in line with the sector average (37/100).
Adjacent peers: Suilend (B-, 34/100) is ranked just safer, and Alchemix (B-, 35/100) is ranked just riskier.
See the full Lending sector leaderboard or the dForce vs Alchemix comparison.
Common Questions about dForce
Plain-English answers based on dForce's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Track Record (10/15).
Has dForce ever been hacked or exploited?
dForce has had some operational issues or moderate incidents in its history. The track record dimension scored 10/15 — not catastrophic, but enough to flag. Look at the specific events and whether they were addressed by the team before drawing conclusions.
How much money is at stake in dForce?
dForce currently holds under $1M in user deposits — small enough that liquidity events could affect exits. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for dForce?
Hindenrank has identified specific collapse scenarios for dForce. The most prominent: "Multi-Chain Smart Contract Exploit Cascade". The trigger condition is A smart contract vulnerability is exploited on one chain, and the same code deployed on other chains is attacked in rapid succession before patches can be applied. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is dForce regulated or insured?
dForce has some regulatory exposure (5/10), typical of mid-sized DeFi protocols. There is no specific enforcement action on record, but the structure includes elements that regulators have flagged in similar protocols. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for dForce?
Hindenrank's retail-focused risk audit flagged: dForce has been hacked twice. The same type of bug (reentrancy) was exploited both times, five years apart. A pattern of repeated exploits suggests deeper code quality issues The same code runs on 7+ chains. When the 2025 hack hit Arbitrum, the identical bug existed on Optimism too. One vulnerability means simultaneous losses on every chain The USX stablecoin depends on liquidation bots that vary in quality across chains. On smaller chains like KAVA, bots are slow or absent, so bad debt piles up and USX can lose its peg On the technical side, 2 critical-severity interaction risks have been identified.
Should beginners deposit into dForce?
dForce is rated B-, which is acceptable for users who understand the protocol's mechanism. Beginners should read the full risk breakdown and only deposit after they can articulate the top three failure modes. If you cannot explain how the protocol works, do not deposit.
How does dForce compare to safer Lending alternatives?
dForce is one protocol in Hindenrank's Lending coverage. The safest Lending protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare dForce against the full Lending ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the dForce risk report.
Read the Full dForce Risk Report
This protocol has 2 collapse scenarios. 2 critical and 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.