DeFi Protocol Dough Finance Issues Warning After $1.8M Hack, Urges Return of Stolen Funds

Dough Finance issues urgent warning following $1.8M hack, demands return of stolen funds.

On 12 July 2024, Web3 security firm  Cyver reported that the Dough Finance platform was exploited by an unknown hacker.

The Dough Finance team also issued a stern warning to a hacker who exploited its smart contract on July 12.

Contrary to early fears, AAVE pools remained unaffected, but Dough Finance suffered a significant loss of over $1.8 million USDC. The attacker utilised funds via Railgun before targeting Dough Finance, converting the stolen funds into Ether. Cyvers confirmed the severity of the breach, emphasising the urgent need for heightened security measures within decentralised finance (DeFi) platforms.

According to Web3 security provider Olympix alert, the exploiter took advantage of unvalidated calldata in the ConnectorDeleverageParaswap contract, allowing the attacker to manipulate transactions. Users with funds in Dough Finance, particularly those associated with the affected contract, are advised to monitor their accounts closely and consider withdrawing funds to secure wallets. 

Through an on-chain message, the Dough Finance team asked the hacker to contact them via email or return the stolen funds to a specified address by Monday, July 15, 2024, 23:00 UTC. They warned that failure to respond would lead them to pursue legal action to recover the misappropriated funds.

Hacking incidents in the crypto DeFi sector are quite common. A report last year indicated that nearly 70% of hacking incidents in the crypto space involved DeFi protocols, highlighting the sector’s imperfections.

Read also: U.S. Congressman Demands Hostage Status for Binance Exec Imprisoned in Nigeria