Fun

Old Dolomite exchange contract suffers $1.8M loss from approval exploit

News Feed - 2024-03-21 06:03:25

Christopher Roark2 hours agoOld Dolomite exchange contract suffers $1.8M loss from approval exploitThe Ethereum version of Dolomite suffered a $1.8 million exploit, and the team is warning users to revoke approvals for this old address.1076 Total viewsListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksAn old contract previously used by the Dolomite crypto exchange has been exploited for approximately $1.8 million, according to a March 20 report from blockchain security platform CertiK and seen by Cointelegraph. The exploit affected users who previously authorized approvals to the contract, and the development team recommended revoking approvals to the Ethereum Dolomite address that begins with 0xe2466. 


The development team claimed that users who have only interacted with the current version on Arbitrum should not be affected. They have also disabled the faulty contract, which should protect users who have not yet become victims of the attack. Even so, the team argued that users should revoke approvals to this contract.Source: Dolomite


Dolomite is a decentralized exchange and money market protocol that currently runs on Arbitrum and Polygon zkEVM. It originally launched on Ethereum in 2019. The team migrated it to the Arbitrum network in 2022 and gradually phased out support for the Ethereum version. Because of the immutable nature of smart contracts, users can still interact with its Ethereum version using developer tools.


According to the CertiK report, the attacker exploited a function named “callFunction” that allows a user to make any arbitrary calls. This function is guarded by a “noEntry” modifier, which under normal circumstances, should prevent any reentrancy attacks. However, this guard can be bypassed by the TradeManager contract located at 0xe2466, which contains a “call” function that has no reentrancy guard. Thus, the attacker was able to use this contract to drain funds from users, CertiK claimed.


The attacker transferred all of the stolen funds to address 0x5eAA7DadA44d59549A6c58008b2bd3C7F81d2502 and then deposited them into Tornado cash, Certik stated.


Related:ParaSwap evades hack targeting Augustus v6 contract vulnerability


This exploit is one of several that have occurred in March. On March 11, the Unizen protocol on Ethereum lost over $2.1 million due to an approval exploit. In that case, the development team promised to reimburse users as soon as possible. On March 15, Mozaic Finance lost over $2.4 million due to a private key compromise.# Ethereum# Hackers# Cryptocurrency Exchange# Hacks# Decentralized Exchange# DeFi# ArbitrumAdd reactionAdd reactionRead morePrice analysis 3/20: BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAX, SHIB, TONSEC pushes deadline on VanEck spot Ether ETF applicationParaSwap evades hack targeting Augustus v6 contract vulnerability

News Feed

Government Agencies Need Crypto Wallets and Access to Exchanges, Russian Prosecutors Say
Government Agencies Need Crypto Wallets and Access to Exchanges, Russian Prosecutors Say Russian authorities are finding it hard to cash out digital assets they have gotten hold of
Elon Musk offers free premium features on X, crypto scammers included
Arijit Sarkar7 minutes agoElon Musk offers free premium features on X, crypto scammers includedElon Musk rolled out the paid verification model on X, earlier known as “Twitter Blue,” to fight the scammers and spammer
Ethereum Fails To Break $2,100 Resistance – Growing Downside Risk?
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Uniswap CEO warns US President to reverse course on crypto policies
Turner Wright5 hours agoUniswap CEO warns US President to reverse course on crypto policiesHayden Adams suggested that crypto policies from the SEC and Senator Elizabeth Warren could hurt President Joe Biden’s chances
Filecoin Offering: Community Alleges Token Dumping, Tron’s Justin Sun Wants the US SEC to Investigate
Filecoin Offering: Community Alleges Token Dumping, Tron"s Justin Sun Wants the US SEC to Investigate The recent Filecoin (FIL) token offering is creating contro
Russian ‘Time Capsule’ to Facilitate Inheritance of Crypto Assets
Russian ‘Time Capsule’ to Facilitate Inheritance of Crypto Assets Researchers in Moscow are developing a new service that will allow users to transfer digita
Ledger Reveals New Crypto Hardware Wallet Designed by iPod Creator Tony Fadell
Ledger Reveals New Crypto Hardware Wallet Designed by iPod Creator Tony Fadell On Tuesday, the hardware wallet manufacturer Ledger announced the launch of a new device called Ledge
Mega Awakening — Whale Transfers 429 ‘Sleeping Bitcoin’ From 2010 Worth Over $16.8 Million
Mega Awakening — Whale Transfers 429 "Sleeping Bitcoin" From 2010 Worth Over $16.8 Million After tapping a 24-hour high at $42,592 per unit, the price of bitcoin lost the gains i
DentaVox: Market Statistics Powered by Blockchain
DentaVox: Market Statistics Powered by BlockchainBack in November 2017, the Netherlands-based Dentacoin Foundation launched its market research platform DentaVox among other softwar
US Lawmaker Says ‘Too Much Money and Power’ Behind Crypto to Ban It
US Lawmaker Says "Too Much Money and Power" Behind Crypto to Ban It U.S. Representative Brad Sherman says Congress has not banned crypto because “there’s too much mon
Revive Project to Revolutionize Crypto Investments and NFTs With Unique Ecosystem
Revive Project to Revolutionize Crypto Investments and NFTs With Unique Ecosystem press release PRESS RELEASE. The Revive Project’s Unique ecosystem offers the crypto communi
Hackers Move Another $800K in BTC Stolen From the 2016 Bitfinex Breach
Hackers Move Another $800K in BTC Stolen From the 2016 Bitfinex BreachAnother $800,000 worth of bitcoin from the Bitfinex hack of four years ago has been moved to an unknown wallet.