Back to the list

DeFi Protocol Dodo Hacked for $3.8 Million


decrypt.co 09 March 2021 09:14, UTC
Reading time: ~2 m

Decentralized exchange Dodo was hacked for $3.8 million in the last 24 hours, but expects about half of those funds to be returned, according to a statement.

Dodo is a decentralized exchange (DEX) for swapping cryptocurrency tokens, a part of the decentralized finance (DeFi) ecosystem. It runs on two blockchain platforms: Ethereum and Binance Smart Chain. The exchange works by having market markers contribute to pools of funds, enabling traders to buy and sell tokens from the pools.

PSA Regarding Recent Exploit on DODO

On March 8, Several DODO V2 Crowdpools were attacked. WSZO, WCRES, ETHA, and FUSI pools were impacted, while AC pool funds have been fully recovered.

Funds in all other pools, including all V1 pools and all non-Crowdpool V2 pools, are safe.

— DODO DEX (@BreederDodo) March 9, 2021

Four pools of funds were affected in the exploit, specifically the WSZO, WCRES, ETHA, and FUSI pools. The exchange claims that other pools were unaffected.

The growing problem of DeFi hacks

Dodo explained that a bug enabled attackers to create counterfeit tokens and use flash loans—very fast loans that occur within a single transaction—to collect real tokens. They then siphoned these tokens out of the platform into their own wallets.

The funds stolen include $1.15 million of the stablecoin Tether and $900,000 in WCRES, a wrapped version of the CrescoFin token (which aims to disrupt the banking industry).

Hackers have attacked a number of DeFi protocols in recent months. Image: Shutterstock

Dodo was created to compete with Uniswap, the biggest Ethereum-based decentralized exchange. It claims to replace Uniswap’s Automated Market Maker (AMM) system—which matches trades between traders—with a new algorithm, called Proactive Market Maker (PMM). Dodo argued that this would provide 10X more liquidity.

This is the latest in a series of DeFi hacks, showing that the space remains experimental and very risky. Last week, DeFi platform Meerkat Finance was hacked on its first day for $31 million—although some members of its community suggested it could have been a rug pull, in which the team behind a project runs away with the money.

Binance Chain DeFi Project ‘Loses’ $31 Million a Day After Launch

Regulators are turning their attention to the nascent DeFi space. In late 2020, the US Commodity Futures Trading Commission heard a presentation about DeFi exploring how regulators might exercise oversight of new financial protocols, and who action could be brought against. SEC commissioner Hester Peirce has also argued that DeFi will require the SEC to "sit down and ask some fundamental questions about regulations," in an interview with Decrypt.

Back to the list