Yesterday, March 9, the DODO decentralized exchange announced that it had been attacked: the attackers stole about $3.8 million in cryptocurrency by exploiting errors in the V2 Crowdpools smart contracts. Later, the exchange reported that almost half of the stolen funds had been returned.
This attack is believed to have involved two independent actors, which sets it apart from typical hacks such as those of Harvest Finance or KuCoin. According to the data, the exchange managed to recover $1.89 million, including about 1,140,000 USDT and 411 ETH. These funds will be returned to the affected parties.
The first hacker, called “Person A” by the exchange, created fake DODO tokens and exchanged them for real ones using a smart contract error. Some time after the exchange published an expanded statement about the attack (listing transactions and wallets), the attacker contacted the well-known white-hat hacker @samczsun from Paradigm for help in returning the stolen funds to the exchange (a white-hat hacker breaks into systems to identify weak points and close vulnerabilities, for which he receives a reward).
The second attacker, Person B, performed three smart contract exploits 10 minutes after Person A. The information published by the trading platform notes that “Person B” is most likely a bot. As part of the attack, he used CHI tokens, added numerous zeros to the contract address, and set unusually high gas prices.
The funds stolen by him are now at two addresses:
It is unclear if he will return the cryptocurrency to the decentralized exchange, as the first hacker did.
According to DODO, trading and DODO-approved wallet addresses were not affected by the exploits.