Back to the list

DeFi: Hackers Drain $3.8 Million From Binance Smart Chain Project DODO

coinfomania.com 09 March 2021 09:21, UTC
Reading time: ~2 m

Binance Smart Chain-based liquidity protocol and decentralized exchange, DODO was recently exploited by malefactors, resulting in the loss of $3.8 million in WCRES, FDO, FUSDT, and USDT. 

DODO noted in an announcement today that the majority of its V2 Crowdpools, including WSZO, WCRES, ETHA, and FUSI pool, were targeted in the attack, while other Crowdpools were spared. 

Details of The Attack

Explaining how the hackers carted users’ funds, the Ethereum-based on-chain liquidity provider said the criminals took advantage of the bug in the affected V2 pools. 

Per the announcement, DODO noted that the bug made it possible for the ‘init() function’ to be called multiple times, making it possible for criminals to create fake tokens. 

DODO said after the fake tokens were created and used to initialize a smart contract using the init() function, its sync() function was also deployed to set the ‘reserve’ variable. 

The malefactors used the init() function to re-initialize the transaction. Still, this time around, it involved real tokens in affected pools, which were subsequently transferred from the pools and bypassing its “flash loan check.”  

Latest Development 

Since users created all the affected pools, DODO has temporarily suspended the pool creation portal on its platform as part of measures to prevent any further attack. 

Interestingly, one of the perpetrators had contacted DODO and promised to return some of the stolen funds of about $1.8 million to the exchange. 

However, DODO is not relenting as it has contacted its security partners to recover all the funds stolen from its Crowdpools.  The exchange reassured users that it is in control of the situation, saying that trading will proceed as always. 

Attacks on DeFi Protocols

The recent event is one of the many attacks that have been carried out on various decentralized protocols. 

Since the decentralized finance (DeFi) space boom in mid-2020, hackers have consistently taken advantage of bugs found in most DeFi protocols. 

It seems these protocols are too eager to commence operations due to the massive opportunities in the space that they forget to cover some major flaws in their project that could lead to loss of funds. 

One of the major attacks that shook the DeFi space was the exploit on the Cover protocol, leading to the perpetrators minting 40 quintillion COVER tokens, crashing the token’s value by 92%. 

Affiliate:  Get a Ledger Nano X Now So That Hackers Won't Steal Your Crypto!

Follow us on Twitter, Facebook, and Telegram to receive timely updates. Subscribe to our weekly Newsletter.

Back to the list