Decentralized exchanges (DEX) operating on the Ethereum blockchain have a security issue. MakerDAO\u2019s Compound, a decentralized finance (DeFi) lending platform was hacked a couple of weeks ago, followed by an attack on the Uniswap DEX. Almost immediately after the latest attack, the DeFi lending platform offered by dForce, Lendf.me, was hacked, as well, resulting in the loss of $25 million in user funds. Fortunately for those individuals, a swift response helped recover most of the money, which will now be returned to the users. In an update to the ongoing debacle from a couple of days ago, Lendf.me explained that the recovered funds had been moved to a separate recovery account and had been working to complete an audit and reimbursement strategy to quell users\u2019 anger. dForce added in a Twitter post, \u201cOver 90% of assets have been distributed to users in less than 24 hours. 100% users have been made whole in the recovery. We will disclose more future actions shortly. Stay tuned.\u201d https:\/\/twitter.com\/dForcenet\/status\/1254738662039752704 Reimbursements will be automatic, for certain users, provided they complete a confirmation process on the newly-established \u201cAsset Recovery System (ARS).\u201d Those individuals who had supplied funds to be used for loans, but who didn\u2019t take out loans, can log in with their wallet address, confirm the information held by the platform and, upon agreeing to the Terms & Conditions, receive their funds automatically on a first-come, first-served basis. For those who had taken out loans, the process is a little more complicated. These individuals need to first log into the ARS and check that the information listed is correct. After that, they will have to \u201crepay all outstanding borrowed balance\u201d on the account before starting any claims process. Lendf.me adds, \u201cYou need to repay the full amount within 7 days. If you have not repaid the full borrowing balance before due time, the collateral will be sold to repay the outstanding loans and the residual value (total supply \u2014 total borrow) in stablecoin will be returned to your address.\u201d If there\u2019s any money that isn\u2019t claimed, or if the \u201ccollateral to loan ratio fall below 125%,\u201d depending on which comes first, that money will be swapped for one or more stablecoins. However, Lendf.me doesn\u2019t specify what will then happen with those funds. Seeing one hack is bad enough; seeing three in the span of just a couple of weeks is a definite indication of serious security flaws in the coding. The attacks exploit a flaw in the ERC-777 token standard that was first identified almost two years ago but which has still not been rectified. Given the fact that it is apparently easy to take advantage of the known vulnerability, and the fact that ERC-777 is being used in conjunction with money services, Ethereum developers should take the issue more seriously, but they appear not to be too concerned with making things right.