Dough Finance Hit by $1.96 Million Exploit: User Funds at Risk
The post Dough Finance Hit by $1.96 Million Exploit: User Funds at Risk appeared first on Coinpedia Fintech News
In a rather disheartening event for the community, Dough Finance has been drained for nearly $1.8 million in the USDC with subsequent attacks increasing the total loss to $1.96 million. The leakage has raised many users’ suspensions with their money and has made them doubt the safety of the service.
What happened?
According to CertiK alerts, its root cause could be traced back to ConnectorDeleverageParaswap contract in which calldata was not validated during flash loan calls. Due to this, the attacker had the privilege to alter the data to his benefit. The primary vulnerability lied in the unvalidated call data within the contract. The contract didn’t properly check the data it received during flash loan calls, allowing the attacker to manipulate it for their benefit.
Using the funds obtained through Railgun, the attacker managed to quickly change the stolen USDC into ETH, thus making identification and return of the money almost impossible.
After the first attack, the attacker remained active and decided to attack Dough Finance again which caused further losses of $140,498 and raised the overall loss to $1. 96 million.
Who were the most impacted?
Users who had their funds deposited in the Dough Finance exploited contract were the most affected. Users associated with AAVE do not feel the impact of this breach because it targeted Dough Finance contracts and no AAVE pools.
What Should Users Do?
1. Any funds that users have on Dough Finance, should be withdrawn to a safe wallet especially if they are in the affected contracts.
2. Follow the updates from the Dough Finance team for further instructions on actions and more.
3. Avoid any contact with the Dough Finance protocol or any of its contracts until it is cleared as completely safe.
While the team behind Dough Finance is looking into the breach and is trying to mitigate damages, people are encouraged to get acquainted with the new information in the official media and protect their property from possible damage.
Read Also: Compound Labs Website Breach: Security Restored, Smart Contracts Safe
