Dough Finance, a decentralized finance (DeFi) protocol, has lost $1.8 million in digital assets due to a flash loan attack. Web3 security firm Cyvers detected suspicious transactions and confirmed that Aave pools were not affected. The attacker, funded via the Railgun protocol, swapped stolen USD Coin for Ether, netting 608 ETH. The exploit was due to unvalidated calldata within a contract, allowing the attacker to manipulate data and steal funds. Dough Finance users have been advised to withdraw funds to a secure wallet and await further announcements. This incident adds to the $1 billion already lost to security breaches in the crypto space in 2024.