News View Non-AMP

Dough Finance Hit by $1.96 Million Exploit, User Funds at Risk!

Published by
Qadir AK

Ugh, oh no! Dough Finance just got hit hard.

In a rather disheartening event for the community, Dough Finance has been drained for nearly $1.8  million in the USDC with subsequent attacks increasing the total loss to $1.96 million. The leakage has raised many users’ suspensions with their money and has made them doubt the safety of the service.

But wait, it gets worse… Want to know how they did it, and more importantly, how to protect your own funds? Keep reading for the chilling details and crucial steps you need to take.

Understanding the Cause

CertiK alerts have identified the root cause of the breach as a flaw in the ConnectorDeleverageParaswap contract. The issue stemmed from unvalidated calldata during flash loan calls, which allowed the attacker to manipulate the data to their advantage. Specifically, the contract failed to properly validate incoming data during these calls, giving the attacker the opportunity to exploit this vulnerability.

The attacker utilized Railgun to quickly convert the stolen USDC into ETH, complicating efforts to trace and recover the stolen funds. This swift conversion made it nearly impossible to track the assets and return them to their rightful owners.

Following the initial breach, the attacker struck Dough Finance once more, causing an additional loss of $140,498 and bringing the total damage to $1.96 million. The second attack exacerbated the situation, further undermining confidence in the platform’s security.

Who Was Affected?

Users with funds deposited in the compromised Dough Finance contracts are the most impacted by this breach. On the other hand, users associated with AAVE remain unaffected, as the attack was specific to Dough Finance contracts and did not involve any AAVE pools.

Recommended Actions for Users

Withdraw Funds Immediately: If you have funds in Dough Finance, transfer them to a secure wallet, particularly if they are in the affected contracts.

Stay Informed: Monitor updates from the Dough Finance team for further instructions and information on the breach.

Avoid Interaction: Do not engage with the Dough Finance protocol or any of its contracts until it is confirmed to be fully secure.

While the team behind Dough Finance is looking into the breach and is trying to mitigate damages, people are encouraged to get acquainted with the new information in the official media and protect their property from possible damage.

Read Also: Compound Labs Website Breach: Security Restored, Smart Contracts Safe

Flash loan, gone fast! Learn from Dough Finance’s misfortune and be proactive in protecting your crypto investments.

Qadir AK

Qadir Ak is the founder of Coinpedia. He has over a decade of experience writing about technology and has been covering the blockchain and cryptocurrency space since 2010. He has also interviewed a few prominent experts within the cryptocurrency space.

Recent Posts

Pi Network Price Breakout Prediction: Is $1 Next After 19% Surge?

Pi Coin is showing signs of a strong comeback ahead of Pi2Day. In the last…

June 26, 2025

Will Your Bitcoin Help You Qualify for a Home Loan Now? Trump Just Said Yes

In a big step for cryptocurrency adoption, the U.S. government has made a surprising move…

June 26, 2025

XRP Price Prediction For June 26

The cryptocurrency market has seen bullish energy in recent days, and XRP is no exception.…

June 26, 2025

Cboe BZX Files Form 19b-4 With SEC to List Canary PENGU ETF

The Cboe BZX exchange has filed Form 19b-4 with the United States Securities and Exchange…

June 26, 2025

FHFA Orders Fannie Mae and Freddie Mac to Recognize Crypto as Mortgage Asset

The Federal Housing Finance Agency (FHFA) under director William Pulte, has directed Fannie Mae (Federal…

June 26, 2025

Top 10 Best Crypto Presales June 2025 – Unstoppable Opportunities to Skyrocket Your Portfolio!

Crypto’s Next Wave – Are You Ready? Crypto enthusiasts, June 2025 has arrived with a…

June 25, 2025