- An attacker has stolen about $1.8 million from funds on Dough Finance.
- This attack has brought to light some security issues on the platform.
- Not all Dough Finance users were affected.
In a shocking turn of events, a flash loan attack has hit some Dough Finance users badly, robbing them of thousands of dollars. On June 12, 2024, Cyvers, a security company that provides real-time detection and prevention of crypto attacks, detected suspicious activity on the protocol.
Immediately after the company noticed the odd activity, it contacted the lending protocol, Aave, to determine if the hacker had had any impact there.
While Aave confirmed that its pools were intact and unaffected, Dough Finance, a liquidity protocol on the Ethereum network, suffered the brunt of the attack.
Not all Dough Finance users were affected; only those with funds tied to the impacted smart contract were. Despite the loss being contained, many Dough Finance users are still worried about the safety of their funds and the continued usage of the decentralised finance (DeFi) protocol.
A small vulnerability in Dough Finance’s smart contract, “ConnectorDeleverageParaswap,” gave the hacker the needed advantage. They were then able to manipulate the contract due to its failure to validate received data during calls for flash loans. Essentially, the contract failed to properly confirm or cross-check the data.
The theft occurred because the attacker swapped existing Ether (ETH) for stolen USDC, which was worth far less. This manipulation allowed the hacker to cart away roughly $1.8 million worth of ETH.
The attacker launched multiple assaults on the platform, resulting in higher losses. The loss experienced after the second attack was over $140,000. The Dough Finance team is currently investigating the cause of the attack and the extent of its effects and working to strengthen the platform’s security.
Some security experts have advised Dough Finance users to consider moving their funds to other platforms or wallets until the team can confirm the platform’s safety. They also recommend that users avoid interacting with Dough Finance’s smart contracts for now to ensure their property’s protection.