Dough Finance Suffers $1.8 Million Loss in Flash Loan Attack
Decentralized finance (DeFi) protocol Dough Finance has lost $1.8 million in digital assets due to a flash loan attack.
Web3 security firm Cyvers detected the attack on July 12, the company said in a post on X .
Cyvers said that the firm reached out to lending protocol Aave to investigate potential impacts on its pools upon detecting multiple suspicious transactions.
“After communicating with the AAVE team, we can confirm that AAVE pools are NOT affected,” it wrote.
Attacker Uses Railgun to Execute Attack
The attacker used the zero-knowledge (ZK) protocol Railgun to execute the attack by swapping the stolen USD Coin for Ether, accumulating a total of 608 ETH valued at around $1.8 million.
Further analysis by Web3 security provider Olympix revealed that the exploit was a result of unvalidated calldata in the “ConnectorDeleverageParaswap” contract.
Olympix explained that the contract failed to properly check the received data during flash loan calls, allowing the attacker to manipulate it to their advantage and carry out the funds’ theft.
While the hack primarily affected users who deposited funds into the exploited contract of Dough Finance, Olympix clarified that the incident did not impact Aave pools.
To mitigate risks, the security provider advised affected users to withdraw their funds to a secure wallet and to refrain from interacting with the protocol until the situation is resolved.
It is worth noting that the Dough Finance attack is not an isolated incident in the crypto space.
According to a security report published by CertiK on July 3, the first half of 2024 witnessed losses of over $1 billion in digital assets due to various security incidents.
Phishing attacks and private key compromises were identified as the main culprits behind these losses, accounting for nearly $500 million and almost $409 million, respectively.
Crypto Market Recovers Over Half of Stolen Funds in Q2
The cryptocurrency market has shown great resilience in the face of adversity, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024.
In Q2 2024, $347.4 million of the stolen crypto funds were successfully recovered or frozen out of the total $512.9 million lost, according to Hacken’s Web3 Security Report Q2 2024.
“For the second consecutive quarter, the silver lining amid the alarming rate of theft in crypto is the amount of funds recovered,” the report wrote.
It is worth noting that cryptocurrency scams have thrived on X, with analysts attributing a significant portion of all crypto scams to scammers on the platform.
Scam Sniffer, a web3 anti-scam company present on X, conducted an analysis revealing that nearly $50 million is lost each month due to account impersonation on X.com.
Just recently, Binance co-founder Yi He raised concerns about the proliferation of cryptocurrency scams on X, questioning whether Musk would take action to tackle the issue.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Ripple Labs and CEO come under fire amid rumors of a Trump meeting
Elon Musk 'shot down' OpenAI's ICO plan in 2018 over credibility concerns
Trump policies could take DeFi, BTC staking mainstream — RedStone co-founder
'There is a global race underway for Bitcoin' — Anthony Pompliano