Dolomite Exchange hit by security breach: approximately $1.8 million lost due to abused contracts
A 2019 contract belonging to the Dolomite cryptocurrency exchange was exploited, resulting in a loss of $1.8 million, or 541 ETH.
As highlighted by blockchain security company PeckShield Alerts, the tightly controlled contracts previously in place on the Dolomite exchange served as the channel for the illicit transfer of approximately 1.8 million USDC. The attacker exchanged the stolen $USDC for 541.5 $ETH (about $1.9 million) and 94,000 $DAI tokens.
The attacker targeted the “callFunction” function, which allows a call to arbitrary code. The “call” function lacked a re-entrancy guard, and the vulnerability could allow attackers to take money from affected users, according to a CertiK report.
The affected group consists of users who had granted authorization and were therefore exposed to the bug. The development team immediately warned users to revoke access for the Dolomite address on Ethereum beginning with 0xe2466.
Impacts and Mitigation Efforts
Users who interacted directly with the first version of the contract on Arbitrum were not harmed, but the developers disabled it without delay to prevent further victims. Despite these precautions, we are reminding users to revoke access because of the increased security and contract risks.
In 2022, Dolomite, an exchange and lending protocol built on Ethereum, decided to move to Arbitrum, gradually ending support for Ethereum-based protocols. Because smart contracts are irreversible, the Ethereum versions could still be operated with suitable tools.
While the Dolomite team deals with the aftermath of the attack, users are strongly urged to de-authorize any affected contracts and to exercise caution in their cryptocurrency activity, the team said.
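
The advice to revoke access can be checked against a wallet's own history. As an added example (not code from Dolomite, PeckShield or CertiK), the Python below replays ERC-20 Approval logs to find allowances still granted to a deprecated contract and builds the `approve(spender, 0)` calldata that revokes each one. It assumes the access in question is a standard ERC-20 allowance; every address and log entry is a constructed placeholder.

```python
# Added example: constructed data and placeholder addresses, not Dolomite's code.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def pad(addr):
    """ABI-encode an address as a 32-byte word (hex, without the 0x prefix)."""
    return addr[2:].lower().rjust(64, "0")

def live_allowances(logs, owner):
    """Replay Approval logs in chain order; the last value per (token, spender) wins.
    Approximation: transferFrom can lower an allowance without a log, so confirm
    with the token's allowance(owner, spender) before acting."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = [x.lower() for x in log["topics"]]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(t) != 3 or t[0] != APPROVAL_TOPIC or t[1][-40:] != owner[2:].lower():
            continue
        state[(log["address"].lower(), "0x" + t[2][-40:])] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def revocations(logs, owner, spender):
    """Transactions (token address + calldata) that set the spender's allowance to 0."""
    data = "0x" + APPROVE_SELECTOR + pad(spender) + "0" * 64
    return [{"to": token, "data": data}
            for (token, s) in live_allowances(logs, owner) if s == spender.lower()]

# Constructed sample: placeholder addresses, none taken from the incident.
OWNER, DEPRECATED, OTHER = ("0x" + c * 20 for c in ("aa", "dd", "bb"))
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20

def mk(token, spender, value, block):
    return {"address": token, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, "0x" + pad(OWNER), "0x" + pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    mk(TOKEN_B, DEPRECATED, 0, 105),           # later revocation of the grant below
    mk(TOKEN_A, DEPRECATED, 2**256 - 1, 100),  # unlimited approval, still live
    mk(TOKEN_B, DEPRECATED, 500, 101),
    mk(TOKEN_A, OTHER, 1000, 102),             # different spender, left alone
]

if __name__ == "__main__":
    for tx in revocations(SAMPLE_LOGS, OWNER, DEPRECATED):
        print(tx["to"], tx["data"])
```

Each returned entry is a transaction the token owner would sign and send to the listed token contract; nothing here contacts a node.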