Dough Finance Reports $1.8M Loss in Flash Loan Attack

Dough Finance Reports $1.8M in Losses Due to Flash Loan Attack

Dough Finance Reports– Decentralized finance (DeFi) protocol Dough Finance lost $1.8 million in digital assets due to a flash loan attack. On July 12, Web3 security firm Cyvers flagged multiple suspicious transactions and worked with lending protocol Aave to confirm the safety of their pools, which were unaffected. However, Dough Finance bore the brunt of the attack. Cyvers reported that the attacker utilized the zero-knowledge (ZK) protocol Railgun to fund the attack, exchanging stolen USD Coin (USDC) valued at $1.00 for Ether (ETH) valued at $3,068 per token. In total, the attacker acquired 608 ETH, equivalent to approximately $1.8 million.

Dough Finance Faces $1.8M Loss in Flash Loan Attack

Web3 security provider Olympix identified that the exploit stemmed from unvalidated calldata within the ConnectorDeleverageParaswap contract. According to Olympix, the contract failed to properly verify the data received during flash loan calls, enabling the attacker to manipulate it for their own gain. This loophole allowed the attacker to manipulate data and abscond with funds.

Olympix cautioned that users who deposited funds into the exploited contract of the DeFi protocol might be affected. However, they assured that Aave pools remained unaffected by the breach.

In response, Olympix recommended Dough Finance users consider withdrawing their funds to a secure wallet. They also advised vigilance regarding updates from the Dough Finance team and suggested refraining from interacting with the protocol until the security situation is resolved.

Crypto Space Faces Over $1 Billion in Losses Amidst Recent Hacks

While the hack on Dough Finance resulted in losses nearing $2 million, the broader crypto industry has already incurred over $1 billion in digital asset losses due to various incidents.

On July 3, blockchain security firm CertiK released a security report revealing that onchain incidents alone accounted for $1.19 billion in losses during the first half of 2024. The majority of these losses stemmed from phishing attacks amounting to nearly $500 million, and compromises of private keys resulting in losses nearing $409 million.

CertiK co-founder Ronghui Gu emphasized the critical importance of implementing robust security measures such as multifactor authentication methods like two-factor authentication (2FA) and security keys to mitigate such risks effectively.

For the latest in crypto updates, keep tabs on Crypto Data Space.