$1 810 000 USD

JULY 2024

GLOBAL

DOUGH FINANCE

DESCRIPTION OF EVENTS

Dough Finance is a DeFi protocol, and its DeFi Smart Account (DSA) integrates various DeFi services into an easy-to-use interface to help users manage their digital currency in an automated manner.

 

"According to Cyvers, the attacker was funded through the zero-knowledge (ZK) protocol Railgun and swapped the stolen USD Coin for Ether. The attacker got a total of 608 ETH, worth about $1.8 million."

 

"Web3 security provider Olympix highlighted that the exploit was due to unvalidated call data within the “ConnectorDeleverageParaswap” contract. The firm explained:

 

“The contract didn’t properly check the data it received during flash loan calls, allowing the attacker to manipulate it for their benefit.” Because of this, the attacker was able to manipulate the data and steal the funds.

 

Olympix said those who deposited funds in the DeFi protocol’s exploited contract might be impacted. However, the security provider noted that the hack did not impact Aave pools."

 

"We detected potential suspicious activity related to @DoughFina. Loss $1.81M."

 

"Attention Dough Finance Users, We've identified an exploit: a few early Dough DeFi Smart Accounts (DSAs) were affected by a sophisticated exploit, resulting in unauthorized fund withdrawals."

 

"Update: We've recovered part of the stolen funds! These funds will go directly to the relief fund. Our team is working tirelessly with cybersecurity experts to recover the remaining assets. Thank you for your support and patience. #Recovery #DeFi"

Dough Finance is a DeFi protocol that integrates other DeFi services into an easy-to-use interface to help users automatically manage their cryptocurrency. Because of unvalidated call data in “ConnectorDeleverageParaswap”, $1.81m worth of assets was drained from the Dough Finance smart contract. The team has an ongoing effort to recover the funds, which has so far recovered only part of the funds for users.
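The class of check the Olympix quote says was missing, as an added example that is not Dough Finance's code: a flash loan callback that validates its caller, the loan initiator, and the decoded call data before acting on it. The contract name, the `onFlashLoan` callback shape, and the allowlist layout are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; NOT Dough Finance code. All names are hypothetical.
contract GuardedFlashLoanReceiver {
    address public immutable pool; // assumed flash loan provider
    // target contract => function selector => permitted
    mapping(address => mapping(bytes4 => bool)) public allowedCall;

    error UntrustedCaller();
    error UntrustedInitiator();
    error CallNotAllowed(address target, bytes4 selector);
    error CallFailed();

    constructor(address pool_, address swapRouter, bytes4 swapSelector) {
        pool = pool_;
        allowedCall[swapRouter][swapSelector] = true;
    }

    // Assumed callback shape: the provider hands back the opaque `params`
    // that were supplied when the loan was requested.
    function onFlashLoan(address initiator, bytes calldata params)
        external
        returns (bool)
    {
        // 1. Only the flash loan provider may invoke the callback.
        if (msg.sender != pool) revert UntrustedCaller();
        // 2. The loan must have been requested by this contract itself.
        if (initiator != address(this)) revert UntrustedInitiator();

        // 3. Decode the data, then validate it before acting on it.
        //    An unguarded callback would forward `data` to `target` as-is.
        (address target, bytes memory data) =
            abi.decode(params, (address, bytes));
        if (data.length < 4) revert CallNotAllowed(target, bytes4(0));
        bytes4 selector = bytes4(data); // first four bytes of the call data
        if (!allowedCall[target][selector]) {
            revert CallNotAllowed(target, selector);
        }

        // 4. Only an allowlisted (target, selector) pair is ever called.
        (bool ok, ) = target.call(data);
        if (!ok) revert CallFailed();
        return true;
    }
}
```

An allowlist on target and selector is a minimum: arguments of the permitted function that move value, such as a recipient or source address, need their own checks, and the function that requests the loan must itself be access-controlled.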
