Decentralized finance protocol dForce has reportedly refunded all users who were affected in a recent $25 million hack.

According to a tweet on April 27, “Over 90% of assets have been distributed to users in less than 24 hours.100% users have been made whole in the recovery.”

On April 19, a hacker was able to breach dForce and drain almost 99.5% of the locked funds in a span of three hours. As Cointelegraph earlier reported, the hacker used a known vulnerability in the ERC-777 token standard called a reentrancy attack by targeting the stablecoin imBTC.

Three days after the hack, on April 21, the hacker returned the funds to dForce after accidentally revealing his identity during a fund transfer.

The disbursement of funds follows the release of an “asset redistribution plan” that was announced earlier this week.

Planning and processing the refund amid rising criticism

Even after recovering the funds, dForce continues to be a target for criticism from the blockchain and cryptocurrency community — particularly because dForce is considered by many to be a “copy” of another similar DeFi platform, Compound.

Expressing his opinion regarding the dForce hack, the CEO of multi-platform DeFi project, Kava Labs, Brian Kerr wrote:

“The dForce team copied code they did not understand from Compound, illegally deployed it as their own while changing a few parts without realizing the security issues, and then they heavily marketed it to the world without first running very basic audits.”

Kerr further added, “The fault is both on the dForce team and the users. dForce didn’t understand what they were doing and marketed an unsafe product.”