Dolomite Crypto Exchange Suffers $1.8M Loss due to Security Breach: CertiK Report
Summary:
An old contract from the Dolomite crypto exchange was exploited, leading to a loss of approximately $1.8 million. The security breach report was issued by blockchain security platform CertiK. Users who had authorized approvals to the original contract were affected. The Dolomite development team has recommended revoking contract approvals and has deactivated the faulty contract. The attacker exploited a function, bypassed the guard, and drained funds from users. Stolen funds were transferred to another address and then deposited into Tornado Cash.
Blockchain security platform CertiK issued a report on March 20 describing a security breach that led to the loss of around $1.8 million from the crypto exchange Dolomite. The breach affected users who had given approvals to the original contract. The Dolomite development team has recommended that users revoke contract approvals for the Ethereum Dolomite address beginning with 0xe2466. Users trading with the current Arbitrum version reportedly remain unaffected. The development team has deactivated the contract in question to protect users who have not been hit by the attack. Still, they stress the need for users to withdraw approvals from this contract.
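The revocation advice above can be checked from a wallet's or token's ERC-20 `Approval` event logs. The following is an added example, not code from CertiK or Dolomite: it finds allowances to one spender that are still non-zero and builds the `approve(spender, 0)` calldata that revokes them. `SPENDER` and the sample logs are constructed placeholders, since the article gives only the address prefix.

```python
# Added example: list live ERC-20 allowances to one spender and build revoke calldata.
# keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
# Placeholder: the article only gives the prefix 0xe2466; substitute the full address.
SPENDER = "0x" + "11" * 20

def topic_to_addr(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, spender):
    """Return {(token, owner): amount} for the latest non-zero approval to spender."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 approvals carry 4 topics)
        if topic_to_addr(t[2]) != spender.lower():
            continue  # approval granted to some other spender
        latest[(log["address"].lower(), topic_to_addr(t[1]))] = int(log["data"], 16)
    # Logs miss allowance spent via transferFrom; confirm with allowance() on-chain.
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0); the owner sends this to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def pad(addr):
    """Left-pad an address to a 32-byte topic."""
    return "0x" + addr[2:].rjust(64, "0")

# Constructed sample data (not real addresses or real chain logs).
TOKEN, ALICE, BOB, OTHER = ("0x" + b * 20 for b in ("aa", "a1", "b0", "22"))
MAX, ZERO = "0x" + "f" * 64, "0x" + "0" * 64
SAMPLE_LOGS = [
    {"address": TOKEN, "blockNumber": 100, "logIndex": 0,
     "topics": [APPROVAL_TOPIC, pad(ALICE), pad(SPENDER)], "data": MAX},
    {"address": TOKEN, "blockNumber": 105, "logIndex": 2,
     "topics": [APPROVAL_TOPIC, pad(BOB), pad(SPENDER)], "data": MAX},
    {"address": TOKEN, "blockNumber": 110, "logIndex": 1,  # Bob already revoked
     "topics": [APPROVAL_TOPIC, pad(BOB), pad(SPENDER)], "data": ZERO},
    {"address": TOKEN, "blockNumber": 111, "logIndex": 0,  # unrelated spender
     "topics": [APPROVAL_TOPIC, pad(ALICE), pad(OTHER)], "data": MAX},
]

if __name__ == "__main__":
    for (token, owner), amount in live_allowances(SAMPLE_LOGS, SPENDER).items():
        print(owner, "still approves", hex(amount), "on token", token)
        print("  revoke calldata:", revoke_calldata(SPENDER))
```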
CertiK's report explains how the attack worked: the attacker exploited a function called “callFunction”, which lets any user make arbitrary calls. Normally, a “noEntry” modifier protects this function from reentrancy attacks, but the attacker bypassed it using the TradeManager contract at 0xe2466. According to CertiK, this contract has a “call” function that is not protected by a reentrancy guard, and the attacker used this weak spot to drain user funds.
The attacker moved the stolen funds to address 0x5eAA7DadA44d59549A6c58008b2bd3C7F81d2502 before depositing them into Tornado Cash, according to CertiK's findings.
The past month saw a series of similar exploits. The Unizen protocol on Ethereum lost over $2.1 million on March 11 due to an approval exploit, after which the development team pledged to compensate users at the earliest. Additionally, a private key compromise led Mozaic Finance to a loss exceeding $2.4 million on March 15.
Published At
3/21/2024 12:13:25 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.