TL;DR
- Dough Finance suffered an exploit in its smart contract on July 12, 2024, resulting in the loss of approximately $1.8 million in funds.
- The attack focused on the ConnectorDeleverageParaswap contract, allowing the hacker to manipulate data during flash loans to divert funds.
- The protocol issued an ultimatum to the hacker to return the stolen funds by July 15, 2024, 23:00 UTC, or face legal actions for misappropriation.
Dough Finance, a prominent DeFi protocol, has experienced an exploit in its smart contract leading to the loss of approximately $1.8 million in funds. The incident occurred on July 12, 2024, when a series of suspicious transactions alerted the community and were confirmed by the Web3 security firm, Cyvers.
According to Cyvers, the attack did not affect AAVE pools as initially feared but was solely focused on Dough Finance. The exploit originated in the ConnectorDeleverageParaswap contract, where unvalidated data during flash loan calls allowed the attacker to manipulate the system to divert funds, which were subsequently converted into Ether.
Attention @DoughFina Users: Exploit Alert!
Dough finance has been exploited for roughly ~$1.8 million in USDC! Here's a breakdown of the situation based on available information:
❓What Happened?
The exploit stemmed from unvalidated calldata within the… pic.twitter.com/NBcCwsMl10
— Olympix (@Olympix_ai) July 12, 2024
The protocol’s response was prompt. The team issued a direct message to the hacker via the blockchain, issuing a clear ultimatum. The attacker was given a two-day deadline to return the stolen funds, with a warning that failing to do so by Monday, July 15, 2024, 23:00 UTC, would result in legal actions for misappropriation of funds.
Dough Finance Moves to Resolve the Conflict
In addition to the ultimatum, Dough Finance has launched a comprehensive plan to recover the lost assets, involving relevant authorities and exploring all available legal and administrative avenues. The firm assured it is actively cooperating with investigations and working on measures to prevent future security incidents.
Markus Kovalainen, CEO of Dough Finance, emphasized the protocol’s commitment to security and integrity. He stated they will do everything possible to protect user assets and maintain trust in the DeFi ecosystem. Kovalainen reiterated that the company’s priority is to swiftly and transparently resolve this issue to minimize any negative impact on the community and restore protocol stability.
This incident adds to the ongoing challenges faced by DeFi platforms. It is crucial to address system weaknesses and strengthen security measures to safeguard user funds. Dough Finance continues to operate while implementing infrastructure improvements to prevent similar vulnerabilities in the future and uphold the trust of its users and stakeholders in the DeFi space.