Two Cryptocurrency Platforms Hacked: Millions Lost!

Dolomite, a decentralized cryptocurrency exchange and money market protocol, recently experienced a security breach and lost approximately $1.8 million. An attacker exploited a vulnerability in an old Dolomite contract deployed on the Ethereum blockchain in 2019, according to a report from blockchain security firm CertiK. Meanwhile, according to AirDAO’s statement, hackers stole a large amount of coins from the AMB/ETH pool.

Dolomite experienced a hack on its old smart contract

Dolomite migrated its primary operations to the Arbitrum network in 2022 and phased out support for the Ethereum version. However, due to the immutable nature of smart contracts, the Ethereum version remained accessible to users through developer tools. The attacker targeted a specific function called “callFunction” in the old contract. This function allows users to execute various commands within the scope of the contract. Although protections were in place to prevent unauthorized access, a critical flaw existed.

The “callFunction” feature lacked a crucial security measure known as “re-entry protection” (reentrancy protection). This protection generally prevents attackers from manipulating code and draining user funds. The attacker found a secondary contract called “TradeManager” that interacts with “callFunction”. In particular, the “call” function in “TradeManager” lacked re-entry protection, creating an exploitable loophole. By exploiting this vulnerability, the attacker was able to make unauthorized calls via “callFunction”, resulting in funds being drained from user accounts.
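What re-entry protection does, shown as a toy Python model (an added example, not code from Dolomite, TradeManager or CertiK, and not a reconstruction of the actual exploit): an entry point that hands control to external code before finishing its own bookkeeping can be entered a second time unless a lock rejects the nested call. `Ledger`, `withdraw_all`, `transact` and the sample balances are hypothetical.

```python
"""Toy model of a reentrancy guard. Added illustration, not Dolomite's code;
all names are hypothetical and the balances are constructed sample data."""
import copy


class Reverted(Exception):
    """Models an EVM revert: the whole transaction's state changes are undone."""


class Ledger:
    def __init__(self, guarded):
        self.guarded = guarded      # True = entry points check a reentrancy lock
        self.entered = False        # the lock itself
        self.balances = {"alice": 100, "mallory": 10}   # constructed sample state
        self.pool = 110             # funds the contract actually holds
        self.paid = {}              # what each account has received

    def withdraw_all(self, user, hook=None):
        if self.guarded and self.entered:
            raise Reverted("reentrant call")
        self.entered = True
        try:
            amount = self.balances[user]
            self.pool -= amount                         # pay out first ...
            self.paid[user] = self.paid.get(user, 0) + amount
            if hook:
                hook(self)                              # ... receiver code runs here
            self.balances[user] = 0                     # bookkeeping happens too late
        finally:
            self.entered = False

    def transact(self, fn):
        """Run fn as one transaction; restore the prior state if it reverts."""
        snapshot = copy.deepcopy(self.__dict__)
        try:
            fn(self)
            return True
        except Reverted:
            self.__dict__.update(snapshot)
            return False


def run(guarded):
    """Return (transaction succeeded, total paid to mallory, funds left in pool)."""
    ledger = Ledger(guarded)
    # Receiver hook that calls back in before the first call has finished.
    reenter = lambda lg: lg.withdraw_all("mallory")
    ok = ledger.transact(lambda lg: lg.withdraw_all("mallory", hook=reenter))
    return ok, ledger.paid.get("mallory", 0), ledger.pool
```

Without the lock, `run(False)` pays the 10-unit balance twice and leaves the pool short; with it, `run(True)` reverts the whole transaction and nothing moves.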

Hack statement from AirDAO

On the other hand, AirDAO announced that there was a major theft of 35.2 million AMB tokens and 125.51 ETH from the AMB/ETH Uniswap pool. The team is cooperating with the exchanges and relevant authorities to catch the perpetrator and recover the stolen assets. The identity of the hacker is still unknown, but AirDAO is offering a 10% “white hat” reward to those who promptly return the funds. Otherwise, the team will contact law enforcement.

Exploits are common in the cryptocurrency space

The Dolomite and AMB pool exploits are unfortunately not isolated incidents. There was a series of DeFi breaches in March 2024. Protocols such as Unizen and Mozaic Finance also fell victim to attacks. These incidents underscore the evolving nature of cyber threats in the DeFi space and the need for continued vigilance by both developers and users.

The Dolomite team is currently working to address the aftermath of the exploit. While the primary focus is on preventing further losses, the incident serves as a stark reminder of the importance of robust security measures in DeFi. As the DeFi ecosystem continues to evolve, developers need to prioritize security controls and implement best practices to protect user funds and build trust within the crypto community.
