dTRINITY Exploit Breakdown: $257K Lost Due to Share Accounting & Index Sync Bug

In March 2025, the dTRINITY DeFi protocol suffered a critical exploit on its Ethereum deployment, specifically targeting the dLEND-dUSD lending pool. The attacker successfully drained approximately $257,061 in USDC, nearly wiping out the pool’s liquidity, which stood at around ~$435K. Unlike complex exploits involving oracle manipulation or reentrancy, this attack was rooted in a fundamental accounting flaw, a broken invariant between actual assets and internally calculated share value. By combining a flash loan, phantom collateral creation, and a repeated deposit-withdraw loop, the attacker was able to transform a small deposit into millions of dollars worth of perceived collateral. This incident serves as a critical lesson for DeFi developers: If your accounting invariants are broken, your protocol is already compromised. What Happened Network: Ethereum Mainnet Target: dLEND-dUSD Pool Total Loss: ~$257,061 USDC TVL at Time of Attack: ~$435K Attack Type: Inflation Attack + Invariant V