The hacks and exploits on DeFi projects continue, and the latest victim to fall is the decentralized exchange platform – DODO. The attack targeted several V2 Crowdpools, and the stolen amount could go as high as $3.8 million.

DODO Victimized by Hackers

The decentralized finance sector is no stranger to malicious attacks and harmful exploits. The decentralized exchange and liquidity provider DODO is the latest to join the growing number of victims.

As the first complaints occurred on Twitter, the project said that it had “temporarily disabled” the pool creation portal as a precautionary measure while promising that it’s working with security partners to recover the funds.

Shortly after, the DODO team explained that the attack transpired on March 8th when the undisclosed hackers exploited several V2 Crowdpool. Namely, those are WSZO, WCRES, ETHA, and FUSI. DODO managed to recover the funds in the AC pool while all remaining pools – all V1 and non-Crowdpool V2 – were safe.

As far as the total stolen amount goes, the project asserted that “approximately $3.8 million, of which $1.88 million is expected to be returned, was drained as a result of these exploits.”

The post reads that one of the attackers already contacted the project and “offered to send back the funds removed from DODO pools.”

DODO said that its V2 Crowdpool had a bug that allowed the hackers to target them successfully. It worked as follows:

The bad actor creates a counterfeit token and initializes the smart contract with it by calling the init() function, then calls the sync() function and sets the “reserve” variable (representing the total balance) to 0. He calls init() again to re-initialize, this time with a “real” token, and uses a flash loan to transfer all such coins from the pools and bypass the flash loan check.

DODO found two individuals working on the exploit and noted that it’s investigating the issue with several notable industry names, such as Binance Smart Chain’s team, 1inch Exchange, PeckShield, and SlowMist.

DODO Token’s Minor Value Drop

In other recent examples of DeFi exploits, the native cryptocurrency of the project plummeted in value somewhat immediately. This was the case with PAID Network as the PAID coin crashed by more than 80% in minutes.

However, the situation with DODO doesn’t seem all that harmful for the token as far. DODO, which saw the light of day as a part of the Binance Launchpool in February, traded at $4.3 approximately at the time when news broke that the DEX was exploited.

Although it’s in the red now, DODO’s drop is significantly less harmful as it has decreased by about 7% to $4.

Binance Futures 50 USDT FREE Voucher: Use this link to register & get 10% off fees and 50 USDT when trading 500 USDT (limited offer).

PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO35 code to get 35% free bonus on any deposit up to 1 BTC.

Source link


Please enter your comment!
Please enter your name here