- Dough Finance lost $1.96 million in a flash loan attack after hackers exploited a vulnerability in the ConnectorDeleverageParaswap contract.
- The attacker initially stole $1.8 million in USDC and converted it to 608 ETH using the zero-knowledge protocol Railgun.
- A second assault resulted in an additional $141,000 loss, but Aave’s lending pools remained unaffected by the attacks.
Dough Finance recently fell victim to a flash loan attack, resulting in the loss of $1.96 million in user funds. The project’s team announced their commitment to resolving the situation soon.
This incident came to light on July 12, when online reports surfaced regarding suspicious activity related to Dough Finance. Cyvers, a Web3 blockchain security platform, disclosed that it had detected multiple dubious transactions involving the DeFi protocol.
According to reports, the hacker exploited Dough Finance’s smart contract, making away with $1.8 million in USDC. The attacker, leveraging the zero-knowledge (ZK) protocol Railgun, initially acquired 608 ETH by transferring the funds to Ethereum (ETH).
Olympix, another Web3 security provider, revealed that the exploit was facilitated by a flaw in the ConnectorDeleverageParaswap contract’s calldata. This oversight allowed the exploiter to manipulate the contract’s data and transfer the funds to an Externally Owned Account (EAO).
Following the initial attack, a second wave of assaults occurred, resulting in an additional loss of $141,000 in USDC. The total amount siphoned in this crypto heist reached $1.96 million. However, it was confirmed that Aave’s lending protocol pools remained unaffected by these attacks.
In response to these events, Dough Finance acknowledged the attack and advised users to withdraw their remaining funds from the protocol. The project announced that it had successfully identified and closed the attack. They assured the community that efforts were underway to address the incident, recover the funds, and ensure the affected investors are compensated.
The recent flash loan attack on Dough Finance has highlighted the ongoing challenges faced by DeFi protocols in ensuring the security of user funds. As the project’s team continues to work towards resolving this incident, the broader DeFi community remains vigilant in the face of evolving security threats.
Read Also
disclaimer read moreCrypto News Land, also abbreviated as "CNL", is an independent media entity - we are not affiliated with any company in the blockchain and cryptocurrency industry. We aim to provide fresh and relevant content that will help build up the crypto space since we believe in its potential to impact the world for the better. All of our news sources are credible and accurate as we know it, although we do not make any warranty as to the validity of their statements as well as their motive behind it. While we make sure to double-check the veracity of information from our sources, we do not make any assurances as to the timeliness and completeness of any information in our website as provided by our sources. Moreover, we disclaim any information on our website as investment or financial advice. We encourage all visitors to do your own research and consult with an expert in the relevant subject before making any investment or trading decision.