QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$1 810 000 USD
JULY 2024
GLOBAL
DOUGH FINANCE
DESCRIPTION OF EVENTS
Dough Finance is a DeFi protocol, and its DeFi Smart Account (DSA) integrates various DeFi services into an easy-to-use interface to help users manage their digital currency in an automated manner.
"According to Cyvers, the attacker was funded through the zero-knowledge (ZK) protocol Railgun and swapped the stolen USD Coin for Ether. The attacker got a total of 608 ETH, worth about $1.8 million."
"Web3 security provider Olympix highlighted that the exploit was due to unvalidated call data within the “ConnectorDeleverageParaswap” contract. The firm explained:
“The contract didn’t properly check the data it received during flash loan calls, allowing the attacker to manipulate it for their benefit.” Because of this, the attacker was able to manipulate the data and steal the funds.
Olympix said those who deposited funds in the DeFi protocol’s exploited contract might be impacted. However, the security provider noted that the hack did not impact Aave pools."
"We detected potential suspicious activity related to @DoughFina. Loss $1.81M."
"Attention Dough Finance Users, We've identified an exploit: a few early Dough DeFi Smart Accounts (DSAs) were affected by a sophisticated exploit, resulting in unauthorized fund withdrawals."
"Update: We've recovered part of the stolen funds! These funds will go directly to the relief fund. Our team is working tirelessly with cybersecurity experts to recover the remaining assets. Thank you for your support and patience. #Recovery #DeFi"
Dough Finance is a DeFi protocol integrating other DeFi services into an easy-to-use interface to help users automatically manage their cryptocurrency. Due to unvalidated call data in the “ConnectorDeleverageParaswap” function, $1.81m worth of assets were able to be drained from the Dough Finance smart contract. The smart contract has an ongoing effort to recover the funds, which has so far recovered only part of the funds for users.
SlowMist Hacked - SlowMist Zone (Jul 16)
@SlowMist_Team Twitter (Jul 16)
ConnectorDeleverageParaswap | Address 0x9f54e8eaa9658316bb8006e03fff1cb191aafbe6 | Etherscan
(Jul 16)
https://cointelegraph.com/news/dough-finance-loses-1-8m-flash-loan-attack (Jul 16)
https://www.rootdata.com/Projects/detail/Dough%20Finance (Jul 16)
@DoughFina Twitter (Jul 16)
@H4ckManac Twitter (Jul 16)
@Olympix_ai Twitter (Jul 16)
@EXVULSEC Twitter (Jul 16)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jul 16)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jul 16)
@DoughFina Twitter (Jul 16)
@Olympix_ai Twitter (Jul 16)
@DoughFina Twitter (Jul 16)