Dough Finance, a decentralized finance (DeFi) protocol, fell victim to a flash loan attack on July 12th, 2024, resulting in a loss of $1.8 million in digital assets. This incident highlights the ongoing security challenges faced by the DeFi space, which has already witnessed significant losses in 2024.
Web3 security firm Cyvers identified suspicious transactions on the Dough Finance protocol and alerted lending protocol Aave to check for potential pool vulnerabilities. Thankfully, Aave’s pools remained secure. However, the attacker targeted Dough Finance directly.
Exploiting a Vulnerability
According to Cyvers, the attacker leveraged a zero-knowledge (ZK) protocol called Railgun to initiate the attack. The exploit centered on unvalidated data in Dough Finance’s “ConnectorDeleverageParaswap” contract: because the contract did not properly verify incoming data during flash loan calls, the attacker was able to manipulate the system and steal funds.
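The sketch below shows the kind of checks a flash-loan callback needs so that incoming data cannot steer it. It is an added example, not Dough Finance's code: the contract name, the Aave V3-style `flashLoanSimple`/`executeOperation` interface, the fixed router address and the selector allowlist are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical connector, NOT Dough Finance's code.
// Assumption: the lender exposes Aave V3's flashLoanSimple / executeOperation pair.
interface IPool {
    function flashLoanSimple(address receiver, address asset, uint256 amount,
        bytes calldata params, uint16 referralCode) external;
}
interface IERC20 { function approve(address spender, uint256 amount) external returns (bool); }

contract HardenedDeleverageConnector {
    IPool public immutable pool;          // only lender allowed to call back
    address public immutable swapRouter;  // only external target the callback may call
    bytes4 public immutable swapSelector; // only router function the callback may invoke
    address private activeUser;           // non-zero only while deleverage() is running

    constructor(IPool pool_, address router_, bytes4 selector_) {
        pool = pool_; swapRouter = router_; swapSelector = selector_;
    }

    // Entry point: the contract itself requests the loan and records who asked.
    function deleverage(address asset, uint256 amount, bytes calldata swapData) external {
        require(activeUser == address(0), "reentrant");
        activeUser = msg.sender;
        pool.flashLoanSimple(address(this), asset, amount, abi.encode(msg.sender, swapData), 0);
        activeUser = address(0);
    }

    // Flash-loan callback: every argument is attacker-influenced until checked.
    function executeOperation(address asset, uint256 amount, uint256 premium,
        address initiator, bytes calldata params) external returns (bool) {
        require(msg.sender == address(pool), "caller is not the pool");
        require(initiator == address(this), "loan not initiated by this contract");
        (address user, bytes memory swapData) = abi.decode(params, (address, bytes));
        require(user != address(0) && user == activeUser, "params do not match active operation");
        require(swapData.length >= 4 && bytes4(swapData) == swapSelector, "swap function not allowed");

        // Target is fixed at deployment; params can never choose where the call goes.
        (bool ok, ) = swapRouter.call(swapData);
        require(ok, "swap failed");

        // Approve exactly principal + premium so the pool can pull repayment.
        IERC20(asset).approve(address(pool), amount + premium);
        return true;
    }
}
```

The three `require` groups map to three questions a reviewer should ask of any callback: who is calling, who asked for the loan, and whether the decoded payload matches an operation the contract itself started.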
Impact and Recommendations
Web3 security provider Olympix pointed out that users who deposited funds in the compromised Dough Finance contract might be affected. However, they emphasized that Aave pools were not impacted.
Olympix strongly advised Dough Finance users to consider withdrawing their funds to a secure wallet and to closely monitor official announcements from the Dough Finance team. Additionally, they recommended users avoid interacting with the protocol until the situation is fully resolved.
DeFi Security Concerns
This attack serves as a stark reminder of the security risks associated with DeFi protocols. While Dough Finance’s losses amounted to roughly $1.8 million, a report by blockchain security company CertiK reveals that the wider cryptocurrency space has suffered over $1.19 billion in on-chain security incidents during the first half of 2024 alone. Phishing attacks and private key compromises were identified as the leading culprits behind these losses, accounting for nearly $900 million in stolen funds.
CertiK co-founder Ronghui Gu emphasized the importance of implementing multi-factor authentication (MFA) methods like 2FA and security keys to bolster DeFi security.
The Dough Finance incident underscores the need for continuous vigilance and robust security measures within the DeFi space. As DeFi adoption grows, so too does the responsibility to ensure user funds are adequately protected.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.