Dough Finance lost $1.96 million in a flash loan attack after hackers exploited a vulnerability in the ConnectorDeleverageParaswap contract.
The attacker initially stole $1.8 million in USDC and converted it to 608 ETH using the zero-knowledge protocol Railgun.
A second assault resulted in an additional $141,000 loss, but Aave’s lending pools remained unaffected by the attacks.
Dough Finance recently fell victim to a flash loan attack, resulting in the loss of $1.96 million in user funds. The project’s team announced their commitment to resolving the situation soon.
DOUGH FINANCE FACES $1.8M LOSS IN FLASH LOAN ATTACKDough Finance experienced a significant breach, losing $1.8M as 608 ETH was stolen due to unvalidated call data.Cyvers flagged the transactions, ensuring Aave's safety while Dough Finance bore the brunt.Olympix suggests… pic.twitter.com/541MBADXqi
— Crypto Town Hall (@Crypto_TownHall) July 13, 2024
This incident came to light on July 12, when online reports surfaced regarding suspicious activity related to Dough Finance. Cyvers, a Web3 blockchain security platform, disclosed that it had detected multiple dubious transactions involving the DeFi protocol.
According to reports, the hacker exploited Dough Finance’s smart contract, making away with $1.8 million in USDC. The attacker, leveraging the zero-knowledge (ZK) protocol Railgun, initially acquired 608 ETH by transferring the funds to Ethereum (ETH).
Olympix, another Web3 security provider, revealed that the exploit was facilitated by a flaw in the ConnectorDeleverageParaswap contract’s calldata. This oversight allowed the exploiter to manipulate the contract’s data and transfer the funds to an Externally Owned Account (EAO).
Following the initial attack, a second wave of assaults occurred, resulting in an additional loss of $141,000 in USDC. The total amount siphoned in this crypto heist reached $1.96 million. However, it was confirmed that Aave’s lending protocol pools remained unaffected by these attacks.
In response to these events, Dough Finance acknowledged the attack and advised users to withdraw their remaining funds from the protocol. The project announced that it had successfully identified and closed the attack. They assured the community that efforts were underway to address the incident, recover the funds, and ensure the affected investors are compensated.
The recent flash loan attack on Dough Finance has highlighted the ongoing challenges faced by DeFi protocols in ensuring the security of user funds. As the project’s team continues to work towards resolving this incident, the broader DeFi community remains vigilant in the face of evolving security threats.
Read Also
DeFi Disaster: Hundred Finance Loses $7.4M in Cunning Flash Loan Attack
Top Analyst Predicts XRP’s Surge to $5, Unveils Crucial Price Levels
$50M Loans With NFT as Collateral Recorded in a Month
Reddit User Bets Big on Bitcoin with $60K Loan, Bags $20K Profit
Zunami Protocol Suffers $2.1 Million Loss from Price Manipulation Attack
The post Dough Finance Suffers $1.96 Million Flash Loan Attack appeared first on Crypto News Land.