Security Breach Hits Dolomite Exchange; Nearly $1.8M Drained from Exploited Contract


The post Security Breach Hits Dolomite Exchange; Nearly $1.8M Drained from Exploited Contract appeared first on Coinpedia Fintech News

A contract dating back to 2019 at the Dolomite crypto exchange was compromised, leading to the loss of $1.8 million, i.e. 541 ETH, from the exploited contract.

As highlighted by the blockchain security company PeckShield Alerts, the tightly controlled contract previously used at the Dolomite exchange served as the channel for the illegal transfer of about $1.8 million USDC. The exploiter swapped the stolen $USDC for 541.5 $ETH (approximately $1.9m) and 94k $DAI tokens.

#PeckShieldAlert Dolomite Exchange's old contracts were exploited for ~$2m. The exploiter has swapped the stolen $USDC for ~541.5 $ETH (~$1.9m) & 94k $DAI https://t.co/Oc0y6LNbEd pic.twitter.com/9qoPloDhiy

— PeckShieldAlert (@PeckShieldAlert) March 21, 2024

The attacker targeted the “callFunction” feature, which allows calls to arbitrary code. Its “call” function lacked a reentrancy guard, and through this vulnerability the attacker could drain funds from the affected users, a CertiK report revealed.

The users hit by the bug were those who had granted approvals to the contract. The development team immediately alerted users to revoke the approvals granted to Dolomite’s Ethereum address, which begins with 0xe2466.

3/

With the above transaction submitted, all users who have NOT revoked approvals yet, *should* be safe.

However, we still encourage users to revoke approvals on the above contract.

— Dolomite 🏔 (@Dolomite_io) March 20, 2024

Impact and Mitigation Efforts

Users who interacted directly with the first version of the contract on Arbitrum remain unharmed, and the developers disabled it without delay to prevent further victims. Despite these precautions, users are being reminded to revoke the approvals tied to the at-risk contract to improve their security.

In 2022, Dolomite, an exchange and lending protocol built on Ethereum, decided to move to Arbitrum, gradually ending support for the Ethereum-based protocol. Because smart contracts are irreversible, the team was able to manage the Ethereum version through suitable tools.

While the Dolomite team deals with the aftermath of the exploit, users are strongly urged to revoke approvals for the affected contracts, as the team advised, and to stay vigilant in their crypto endeavours.
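One way to find approvals that still need revoking, as an added example (not code from the article, Dolomite, PeckShield or CertiK): it replays ERC-20 Approval logs in eth_getLogs shape and reports non-zero allowances toward one spender contract. The `SPENDER` placeholder, the other addresses and every sample log are constructed; the article gives only the 0xe2466 prefix of the real address.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the "infinite approval" value many dapps request

def topic_to_address(topic):
    """Indexed address topics are 32 bytes; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Return {(token, owner): allowance} for non-zero approvals to `spender`.

    The last Approval event per (token, owner) wins. Many tokens emit nothing
    when transferFrom spends allowance, so treat the value as an upper bound
    and confirm with the token's allowance() before relying on it.
    """
    spender = spender.lower()
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but carries 4 topics; skip those
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return {key: value for key, value in latest.items() if value > 0}

# --- constructed sample data (placeholders, not real addresses) ---
SPENDER = "0x" + "e2" * 20  # stands in for the deprecated contract
OTHER, TOKEN = "0x" + "aa" * 20, "0x" + "11" * 20
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b0" * 20

def make_log(owner, spender, amount, block, index):
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": TOKEN, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(amount), "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(ALICE, SPENDER, UNLIMITED, 100, 0),  # never revoked: still exposed
    make_log(BOB, SPENDER, 5000, 101, 2),
    make_log(BOB, SPENDER, 0, 150, 1),            # Bob revoked later
    make_log(ALICE, OTHER, 1, 160, 0),            # unrelated spender
]

if __name__ == "__main__":
    for (token, owner), amount in outstanding_approvals(SAMPLE_LOGS, SPENDER).items():
        print(owner, "->", token, "unlimited" if amount == UNLIMITED else amount)
```

An owner who appears in the output has not set the allowance back to zero; revoking means sending `approve(spender, 0)` on each listed token.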
