On February 21st, 2025, Tren Finance experienced a security exploit that impacted users who had participated in our Liquidity Generation Event (LGE). We apologize for the inconvenience this caused to our early users, and we are determined to make you all whole.

Our original compensation proposal involved repaying users directly in TREN tokens. However, after listening to community feedback and in order to minimize risk as much as possible to our users, we have decided to move forward with a repayment plan in stablecoins instead. We want to provide you with a detailed overview of the compensation plan, designed to fully compensate our community while ensuring the long-term sustainability of the protocol.

The exploit resulted from a compromised deployer wallet that retained administrative privileges, allowing an attacker to temporarily modify our smart contracts and mint unbacked XY tokens. The attacker then swapped these XY tokens for stablecoins in our liquidity pools, causing impermanent loss to our users. Importantly, this was not a vulnerability in our audited smart contract code, but rather an operational security oversight in access control management.

Since the incident, we have comprehensively improved operational security for all team members and have taken the necessary steps to ensure a compromised wallet cannot happen again. As confirmed by our security partners, additional smart contract audits were not necessary since the attack vector exploited administrative access rather than any inherent code vulnerabilities.

The exploit drained $119,461 from our liquidity pools. Of this amount, $39,990 were deposits from our team members, who will not be included in the compensation plan. This means we are compensating users for $79,471 in affected funds.

We took a snapshot of all users 5 minutes prior to the hack to establish exactly who was deposited at that time. To be eligible for compensation, users must have had a minimum of $2 deposited into the protocol at the time of the exploit on February 21st, 2025.

Timeline: Starting today - July 10th, 2025

Following extensive community feedback, we have prioritized direct stablecoin repayment through a structured compensation program via Sablier streaming.

• Distribution method: Continuous streams over 24 months through Sablier, with the stream starting today.

• Access: Users can visit Sablier now to check for the compensation stream, make sure you have the Base chain selected, and you visit the "Payments" tab.

• Proportional allocation: Compensation is based on your deposit amount at the time of the exploit

This structured 24-month approach ensures we can provide full compensation while maintaining protocol stability and sustainability for all stakeholders.

Timeline: Subject to 12-month cliff + 24-month linear vesting

As an additional layer of compensation beyond the standard repayment, we are allocating 5,000,000 TREN tokens (0.5% of total supply) from our team allocation specifically for affected users.

• Proportional distribution: Allocation based on your percentage of total affected TVL

• Team allocation: We will give up a portion of the team allocation to compensate users

• Vesting structure: 12-month cliff followed by 24-month linear vesting

• Access: Users can visit Sablier to view this vesting stream. Make sure your network is on Base, and you visit the "Vesting" tab.

• Example: If you held 5% of affected TVL, you receive 5% of the 5M TREN allocation

Timeline: Claimable 30 days after TGE (August 11th, 2025)

As planned, all users who participated in our Single Sided Liquidity (SSL) program will receive their accumulated LGE rewards in TREN tokens. These rewards were earned based on your deposit amount and duration in the SSL contract, regardless of whether you had withdrawn before the exploit or only participated briefly.

• Full unlock: These tokens will be distributed with no cliff or vesting period

• Access: Users can visit Sablier on August 11th to claim their tokens. We will make an additional announcement closer to the date as a reminder.

• Universal eligibility: All SSL participants receive their earned rewards

This incident, while challenging, has strengthened our commitment to security and transparency. We believe this three-layer approach provides comprehensive coverage that addresses both your needs through stablecoin repayment and long-term value through additional TREN token allocation.

If you believe you are eligible for compensation but cannot locate your allocation, please open a support ticket in our Discord server. Our team will investigate your case and ensure all eligible users receive their rightful compensation.

While this exploit was a significant setback for our protocol and community, it has provided us with the opportunity to strengthen our security measures and accelerate our product development. Since the incident, we have:

• Completely overhauled our access control systems

• Transferred all protocol ownership to secure multi-signature wallets

• Redeployed the entire protocol in a testnet environment with live Base price feeds

• Implemented additional operational security measures

The protocol has been thoroughly secured as we gear up for our mainnet launch. Our Token Generation Event is scheduled for July 11th, 2025.

Additionally, this period has allowed us to accelerate the integration of our AI agents into the protocol, making Tren Finance more unique and attractive in the DeFi landscape. We've also been able to complete development of our latest product, Malone, which will provide unprecedented peer-to-agent loan capabilities.

All eligible users can now visit Sablier to view their compensation streams and track their compensation in real-time.

Tren Finance is the first AI stablecoin borrowing protocol, where a network of specialized agents manages the entire protocol. Our agents work in unison to handle everything from borrowing parameters and liquidations to collateral management and reward distribution, removing human bias from DeFi operations. Through this autonomous system, users can (re)collateralize their LP tokens, money market deposits, and (re)staked positions, unlocking billions in idle liquidity. Built by a team of DeFi veterans with experience from leading protocols like MakerDAO, Ajna, Binance and Venom, Tren is paving the way for a more efficient and interconnected DeFi ecosystem.

WebsiteㅣX (Twitter)ㅣCommunityㅣDiscordㅣBlog | Research

On February 21st, 2025, Tren Finance experienced a security exploit that impacted users who had participated in our Liquidity Generation Event (LGE). We apologize for the inconvenience this caused to our early users, and we are determined to make you all whole.

Our original compensation proposal involved repaying users directly in TREN tokens. However, after listening to community feedback and in order to minimize risk as much as possible to our users, we have decided to move forward with a repayment plan in stablecoins instead. We want to provide you with a detailed overview of the compensation plan, designed to fully compensate our community while ensuring the long-term sustainability of the protocol.

The exploit resulted from a compromised deployer wallet that retained administrative privileges, allowing an attacker to temporarily modify our smart contracts and mint unbacked XY tokens. The attacker then swapped these XY tokens for stablecoins in our liquidity pools, causing impermanent loss to our users. Importantly, this was not a vulnerability in our audited smart contract code, but rather an operational security oversight in access control management.

Since the incident, we have comprehensively improved operational security for all team members and have taken the necessary steps to ensure a compromised wallet cannot happen again. As confirmed by our security partners, additional smart contract audits were not necessary since the attack vector exploited administrative access rather than any inherent code vulnerabilities.

The exploit drained $119,461 from our liquidity pools. Of this amount, $39,990 were deposits from our team members, who will not be included in the compensation plan. This means we are compensating users for $79,471 in affected funds.

We took a snapshot of all users 5 minutes prior to the hack to establish exactly who was deposited at that time. To be eligible for compensation, users must have had a minimum of $2 deposited into the protocol at the time of the exploit on February 21st, 2025.

Timeline: Starting today - July 10th, 2025

Following extensive community feedback, we have prioritized direct stablecoin repayment through a structured compensation program via Sablier streaming.

• Distribution method: Continuous streams over 24 months through Sablier, with the stream starting today.

• Access: Users can visit Sablier now to check for the compensation stream, make sure you have the Base chain selected, and you visit the "Payments" tab.

• Proportional allocation: Compensation is based on your deposit amount at the time of the exploit

This structured 24-month approach ensures we can provide full compensation while maintaining protocol stability and sustainability for all stakeholders.

Timeline: Subject to 12-month cliff + 24-month linear vesting

As an additional layer of compensation beyond the standard repayment, we are allocating 5,000,000 TREN tokens (0.5% of total supply) from our team allocation specifically for affected users.

• Proportional distribution: Allocation based on your percentage of total affected TVL

• Team allocation: We will give up a portion of the team allocation to compensate users

• Vesting structure: 12-month cliff followed by 24-month linear vesting

• Access: Users can visit Sablier to view this vesting stream. Make sure your network is on Base, and you visit the "Vesting" tab.

• Example: If you held 5% of affected TVL, you receive 5% of the 5M TREN allocation

Timeline: Claimable 30 days after TGE (August 11th, 2025)

As planned, all users who participated in our Single Sided Liquidity (SSL) program will receive their accumulated LGE rewards in TREN tokens. These rewards were earned based on your deposit amount and duration in the SSL contract, regardless of whether you had withdrawn before the exploit or only participated briefly.

• Full unlock: These tokens will be distributed with no cliff or vesting period

• Access: Users can visit Sablier on August 11th to claim their tokens. We will make an additional announcement closer to the date as a reminder.

• Universal eligibility: All SSL participants receive their earned rewards

This incident, while challenging, has strengthened our commitment to security and transparency. We believe this three-layer approach provides comprehensive coverage that addresses both your needs through stablecoin repayment and long-term value through additional TREN token allocation.

If you believe you are eligible for compensation but cannot locate your allocation, please open a support ticket in our Discord server. Our team will investigate your case and ensure all eligible users receive their rightful compensation.

While this exploit was a significant setback for our protocol and community, it has provided us with the opportunity to strengthen our security measures and accelerate our product development. Since the incident, we have:

• Completely overhauled our access control systems

• Transferred all protocol ownership to secure multi-signature wallets

• Redeployed the entire protocol in a testnet environment with live Base price feeds

• Implemented additional operational security measures

The protocol has been thoroughly secured as we gear up for our mainnet launch. Our Token Generation Event is scheduled for July 11th, 2025.

Additionally, this period has allowed us to accelerate the integration of our AI agents into the protocol, making Tren Finance more unique and attractive in the DeFi landscape. We've also been able to complete development of our latest product, Malone, which will provide unprecedented peer-to-agent loan capabilities.

All eligible users can now visit Sablier to view their compensation streams and track their compensation in real-time.

Tren Finance is the first AI stablecoin borrowing protocol, where a network of specialized agents manages the entire protocol. Our agents work in unison to handle everything from borrowing parameters and liquidations to collateral management and reward distribution, removing human bias from DeFi operations. Through this autonomous system, users can (re)collateralize their LP tokens, money market deposits, and (re)staked positions, unlocking billions in idle liquidity. Built by a team of DeFi veterans with experience from leading protocols like MakerDAO, Ajna, Binance and Venom, Tren is paving the way for a more efficient and interconnected DeFi ecosystem.

WebsiteㅣX (Twitter)ㅣCommunityㅣDiscordㅣBlog | Research