- Dough Finance lost $1.8 million in a flash loan attack due to a smart contract vulnerability.
- The attacker exploited unverified call data to steal USDC before converting the assets into 608 ETH.
- Users were urged to withdraw their funds to secure their wallets.
Dough Finance suffered a serious flash loan attack, losing approximately $1.8 million worth of digital assets.
This attack, which exploits a vulnerability in the protocol’s smart contracts, highlights a persistent security issue in the cryptocurrency space, particularly in the DeFi space.
What happened in the Dough Finance attack?
The attack, detected by Web3 security firm Cyvers on July 12, targeted Dough Finance’s “ConnectorDeleverageParaswap” smart contract.
The contract, designed to facilitate transactions within DeFi platforms, failed to properly validate call data during a flash loan execution, giving attackers the opportunity to manipulate transaction details and illicitly transfer 608 ETH, worth approximately $1.8 million at the time of the attack.
The funds, originally in the form of USD Coin (USDC), were quickly converted to ETH using Railgun, a zero-knowledge protocol, making tracking and recovering the stolen assets even more complicated.
Who is affected by flash loan attacks?
The Dough Finance flash loan attack primarily affected users who had deposited funds under Dough Finance’s exploited contracts.
While lending pools on Aave, another popular DeFi platform, were not affected, the incident highlights the vulnerabilities of smart contracts and potential risks associated with decentralized finance protocols.
Security experts, including Olympix, have stressed that it is important for users to withdraw funds to secure their wallets and not interact with Dough Finance until the platform issues clear instructions on safety measures.
fist @DoughFina User: Abuse warning!
Dough Finance has exploited approximately $1.8 million USDC! Here is an analysis of the situation based on available information.
❓What happened?
This exploit comes from unvalidated call data within … pic.twitter.com/NBcCwsMl10
— Olympix (@Olympix_ai) July 12, 2024
What’s notable is that the attack on Dough Finance adds to a worrying trend of security breaches plaguing the cryptocurrency industry in 2024.
According to a recent report from CertiK, on-chain attacks have already resulted in over $1.19 billion in losses in the first half of this year, with phishing attacks and private key compromises contributing significantly to these figures.