Dough Finance Loss. The flash loan assault on the decentralized finance (DeFi) protocol known as Dough Finance resulted in the loss of digital assets worth $1.8 million. Cyvers, a security business that services Web3, discovered the attack on July 12, according to the company’s post on X.
Cyvers stated that after identifying many questionable transactions, the company contacted the lending protocol Aave to evaluate the potential effects that this could have on its pools. As a result of our communication with the AAVE team, we can certify that the AAVE pools are not impacted,” the document stated.
Attacker Uses Railgun to Execute Attack
The perpetrator utilized Railgun, a zero-knowledge (ZK) protocol, to carry out the attack. This was accomplished by exchanging the stolen USD Coin for Ether, accumulating 608 ETH with a value of about $1.8 million. Olympix, a security supplier for Web3, conducted additional research and discovered that the exploit was caused by unvalidated call data in the “ConnectorDeleverageParaswap” contract.
Olympix explained that the contract did not adequately check the data received during flash loan calls. This allowed the attacker to modify the data to their benefit and steal the cash. Although most customers affected by the hack were those who had placed funds into Dough Finance’s exploited contract, Olympix has confirmed that the event did not affect Aave pools.
The security provider urged impacted users to withdraw their cash to a secure wallet and refrain from dealing with the protocol until the situation was fixed. This was done to reduce the risks associated with the incident.
At this point, it is important to point out that the attack on Dough Finance is not a unique incident in the cryptocurrency market. According to a security report released by CertiK on July 3, 2024, the first half of 2024 saw losses equivalent to more than one billion dollars in digital assets due to various security incidents.
Phishing assaults and private key compromises were found to be the primary causes of these losses, accounting for over $500 million and nearly $409 million, respectively. These losses were sustained when private keys were compromised.
Crypto Market Recovers Over Half of Stolen Funds in Q2
The cryptocurrency market has demonstrated remarkable endurance in the face of hardship, as evidenced by its record recovery rate of 77% for stolen money during the last quarter of 2024.
According to Hacken’s Web3 Security Report for the second quarter of 2024, out of the total amount of $512.9 million that was taken, $347.4 million has been successfully recovered or frozen from the stolen cryptocurrency monies. As stated in the report, “the amount of funds recovered is the silver lining amid the alarming rate of theft in cryptocurrency for the second consecutive quarter for the second consecutive quarter.” It should be noted that cryptocurrency scams have flourished on X. Analysts believe that scammers on the platform are responsible for a major share of all cryptocurrency scams.
According to the findings of an investigation carried out by Scam Sniffer, a web3 anti-scam company present on X, approximately fifty million dollars are lost every month due to account impersonation on X.com. Just recently, Yi He, co-founder of Binance, voiced his concerns with the proliferation of cryptocurrency scams on X. He also questioned whether or not Musk would address the problem.