A DeFi protocol called Dawgh Finance has suffered a loss of cryptocurrency amounting to nearly $2 million due to a recent attack using instant loans. Flash Loans allow users to borrow large amounts of cryptocurrency with the condition that it must be repaid within the same transaction.
The Peckshield service was the first to bring attention to the incident. The attack was funded through the zero-disclosure protocol Railgun, and money laundering was carried out through Tornado Cash, both commonly used by hackers to cover their tracks. Dawgh Finance acknowledged the hacking incident a few hours after it occurred.
According to data provided by cyvers, the attacker exchanged the stolen USDC tokens for Ethereum, resulting in the hacker receiving 608 ETH valued at approximately $1.9 million. It is worth noting that the malicious contract was created less than 2 minutes before the transaction was hacked.
Olympix IB-company highlighted that the exploit occurred due to unusual calls (Callback) in the contract of the Aswap platform. The contract failed to properly verify the data obtained during instant loan calls, allowing the attacker to manipulate the data and steal funds.
Olympix stated that users who had funds in the affected contract may be impacted. However, the AAVE pools were not affected by the hacking incident. Olympix advised Dawgh Finance users to consider withdrawing their funds to a secure wallet and urged them to refrain from interacting with the protocol until the situation is resolved.
Dawgh Finance has reported that they are actively working on recovering the lost funds and establishing an Assistance Fund for affected users.