Web3 security company Cyvers Alerts reported on social media X that it had detected several suspicious transactions involving Dough Finance. Cyvers Alerts contacted lending protocol Aave to confirm whether its pools were affected. The experts assured that Aave pools were safe. The Dough Finance protocol was the main target of the attack.
The attacker obtained funding through the zero-knowledge Railgun protocol by exploiting a vulnerability in the ConnectorDeleverageParaswap smart contract of the Dough Finance protocol. Security provider Olympix explained that the smart contract failed to properly validate call data for flash loan requests, allowing the attacker to manipulate it for profit. The hacker was able to exchange the stolen USDC stablecoins for 608 ETH, worth about $1.8 million.
ALERTOur system has detected multiple suspicious transactions involving @DoughFina. After communicating with the #AAVE team, we can confirm that #AAVE pools are NOT affected.
The attacker was funded through #Railgun and has swapped everything stolen $USDC into $ETHresulting in a… pic.twitter.com/WchJeU5S0e
— Cyvers Alerts (@CyversAlerts) July 12, 2024
Security experts have advised Dough Finance users to consider withdrawing their crypto assets to secure wallets and temporarily stop interacting with the protocol until the issue is resolved.
Recall that in April, crypto security company Certik discovered a vulnerability in the Ember Sword NFT auction contract. Attackers used this vulnerability to steal 60 WETH.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
