DTRINITY

DESCRIPTION OF EVENTS

dTRINITY is a next-generation decentralized stablecoin protocol that introduces a unique incentive model: it subsidizes borrowers and rewards lenders and liquidity providers. This system is designed to create a more sustainable and efficient stablecoin ecosystem, drawing inspiration from the "DeFi Trinity" concept introduced by Frax Finance. The protocol issues two main stablecoins — dUSD (pegged to the US dollar) and dS (pegged to a synthetic asset called S) — both fully backed 1:1 by yield-bearing reserves. Instead of keeping reserve yields as protocol revenue, dTRINITY redirects them to rebate interest costs for borrowers, effectively lowering or even negating borrowing fees.

The protocol is built around three pillars: decentralized stablecoins, lending and borrowing protocols, and liquidity pools. By providing capital or participating in liquidity provisioning, users earn pre-TGE points, which will be converted into governance tokens (TRIN) once the token generation event (TGE) takes place. These tokens will allow holders to participate in governance and share in protocol incentives.

dTRINITY targets a broad DeFi user base including lenders, borrowers, stablecoin users, yield loopers, and liquidity providers. It supports a wide range of stable and yield-bearing assets such as FRAX, DAI, frxETH, USDe, WETH, and more. The protocol is backed by notable advisors including Rune Christensen (Sky), Sam Kazemian (Frax), and co-founders of Convex Finance, and it has formed partnerships with leading DeFi protocols and infrastructure providers like Curve, Frax, Chainlink, Silo Finance, Convex, and more.

While dTRINITY offers innovative DeFi tools, it also emphasizes the experimental and risky nature of the ecosystem. As a decentralized protocol not directly controlled by its founding organization, it carries significant risks such as potential technical failures, exploits, and regulatory uncertainty. It is not available to users in several jurisdictions, including the US, UK, Canada, and others.

Affected Fraxtal Smart Contracts: - 0x9A8aF808Dd8884c7CaaFc6c90ABdC3f9EA418a83 - 0x95c0afea3f48D4e3a5fE51b62e8B9F8538B8Ff11 - 0xA860D1f093092440BBeadc0B85f1F14C004AB6f6

Affected Sonic Smart Contracts: - 0x9ee939DdC8eaAAc72d3cAE793b12a09D92624E4a - 0x951Ed02C90A0185575Dc82e94088b9d3016b7263 - 0xB8445316dB44C05c5D2fE37f610B773a072432C1 - 0x6DF9A77c866e8a9C998286bDa5A17543e2105991 - 0xB7c8B7C260D3CF0cc3ccF1AADF5a55d0C5032EB1

The initial post by the dTrinity team reported that "the total damage appears to be less than $100K".

dTrinity later revised this estimate to $56k USD.

All funds are reportedly from team members of dTrinity.

dTRINITY acted swiftly to pause dUSD transfers, disable the vulnerable adapters on the frontend, and notify the community to revoke approvals. The initial reaction posted by the dTRINITY team on Twitter/X:

"Earlier today, an attacker exploited dLEND's swap adapter contracts on Fraxtal and Sonic, which affected users who previously granted it unlimited or very high approval. Therefore, we have disabled dLEND's collateral swaps on the frontend.

Based on our investigation so far, the total damage appears to be less than $100K, where 100% of the affected funds belonged personally to dTRINITY's core team members. All other user funds are SAFU

Here is the list of currently known impacted swap adapters. If you have given an allowance to these contracts in the past, PLEASE REVOKE THEM NOW!"

There was an initial impact to dUSD:

"Upon initial discovery we paused dUSD transfers globally to prevent further attacks while we investigated the root cause. dUSD was unpaused once we uncovered the attack surface."

Three internal dTRINITY team members were affected, all of whom had previously approved large allowances on the vulnerable adapter contract during testing. No external users or community funds were compromised, thanks in part to the UI’s design, which encourages only minimal token approvals. The total loss was $56,000, lower than initial estimates, and the funds were siphoned through an exploit that leveraged flash-minted dUSD and a malicious swap route. The exploited feature has since been disabled, and the affected team members will be fully reimbursed.

All fund losses were attributed to team members. The team has announced that they will be covered in the future.

The team acknowledges that although the vulnerable code had passed through a prior audit, the specific vector was missed — underscoring the limits of static audits. Moving forward, the protocol will implement hardened code changes, conduct a new round of audits with broader scope, and maintain its commitment to transparency and security-first development.

Several key issues remain to be resolved following the dLEND swap adapter exploit. While the team has identified the primary causes of the exploit — the unsafe user parameter, insufficient value checks, and flawed handling of swap invariants — a deeper investigation and exact reproduction of the attack are still underway. A thorough root cause analysis is essential not only for understanding the specific details of this exploit but also for ensuring that similar vulnerabilities are not present elsewhere in the system. By fully understanding the attack’s mechanics, the team can take more targeted actions to prevent recurrence.

The dTRINITY team has also committed to implementing public fixes and hardening changes across the affected adapters, with targeted tests to ensure the vulnerabilities do not reappear. This is a critical step, as the exploit took advantage of insufficient safeguards, and reinforcing the protocol’s code is vital for future security. Additionally, the team plans to conduct a new round of audits with expanded coverage and greater scope to ensure that all potential attack vectors are thoroughly assessed. These audits will play a crucial role in strengthening the protocol’s defenses and giving users more confidence in its safety.

While the three affected team members will be reimbursed for their losses, ongoing monitoring is necessary to ensure that no other users were inadvertently impacted during the testing phase. The team’s swift actions to pause dUSD transfers and disable the swap adapter demonstrate their commitment to protecting users, but ensuring comprehensive protection will require continued diligence and proactive engagement with the community

dTRINITY, a decentralized stablecoin protocol, faced an exploit involving its dLEND swap adapter, leading to a loss of $56,000, all to internal team members. Despite passing a previous audit, an unsafe user parameter and insufficient value checks in the swap adapter contract was missed. The vulnerability allowed attackers to leverage flash-minted dUSD and a malicious swap route to siphon collateral from users with high approvals on the adapter. The attack was contained quickly, the compromised feature was disabled, and no external users or community funds were affected. The affected team members will be reimbursed. dTRINITY plans to implement public fixes, conduct a new round of audits with expanded coverage, and strengthen the protocol’s security measures.

dTRINITY - "Earlier today, an attacker exploited dLEND's swap adapter contracts on Fraxtal and Sonic, which affected users who previously granted it unlimited or very high approval. Therefore, we have disabled dLEND's collateral swaps on the frontend." - Twitter/X (Sep 29)
dTRINITY - "" - Twitter/X (Sep 29)
Attack Transaction On Sonic - SonicScan (Sep 29)
Attack Transaction On Sonic - Tenderly (Sep 29)
Attack Transaction On Fraxtal - FraxScan (Sep 29)
Attack Transaction On Fraxtal - Tenderly (Sep 29)
dTRINITY Twitter/X Account (Sep 29)
dTRINITY Homepage (Sep 29)
dTRINITY Documentation (Sep 29)
dTRINITY - IQ Wiki (Sep 29)

More case studies

HyperDrive Router Set As
Operator State Changes Triggered

None