The Ethereum contracts associated with the decentralized exchange Dolomite were recently hit by an approval attack, with losses estimated at around $1.9 million.
The old contracts of @Dolomite_io on Ethereum suffered an approval attack, resulting in a loss of ~$1.9M.
The hacker exploited the batchTransfer function of the TradeDelegate contract to transfer tokens approved to the contract from users. The batchTransfer function can only be… https://t.co/kXZsIXPtkI pic.twitter.com/SwnwwEvszA
— Beosin Alert (@BeosinAlert) March 21, 2024
The attacker used the batchTransfer function of the TradeDelegate contract to transfer tokens that users had approved to the contract. The function was designed to be callable only by approved addresses, but the hacker was able to use it to their advantage.
In response to the breach, the Dolomite team took swift action by submitting a transaction to disable the exploited contract, thereby preventing further unauthorized access.
2/
We have submitted a transaction that disables the exploited contract from being called anymore. https://t.co/gtE0HRueqg
In the interest of providing real time updates, we are posting this now as we investigate, and we will update this thread as we learn & do more.
— Dolomite 🏔️ (@Dolomite_io) March 20, 2024
Dolomite's Effort To Help The Situation
Disabling the contract is meant to protect users who have not yet revoked their approvals. However, to ensure maximum security, all users, especially those who interacted with the old Dolomite product before 2020, were strongly encouraged to revoke approvals on the affected contract.
The impact of this breach is primarily limited to users of the old Dolomite platform who still held approvals granted before it was discontinued in 2020. Revoking those approvals protects their assets from further exploitation through the affected contract.
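The revocation advised above comes down to two standard ERC-20 calls: reading allowance(owner, spender) and sending approve(spender, 0). The following is an added example, not code from Dolomite or from this article; it builds and decodes the call data offline, and every address and eth_call result in it is a constructed placeholder.

```python
# Added example: build and decode standard ERC-20 approval calls offline.
# Every address and eth_call result below is a constructed placeholder.
ALLOWANCE = "dd62ed3e"  # selector of allowance(address,address)
APPROVE = "095ea7b3"    # selector of approve(address,uint256)

OWNER = "0x" + "aa" * 20           # placeholder user wallet
TRADE_DELEGATE = "0x" + "dd" * 20  # placeholder for the affected spender contract
TOKEN_A, TOKEN_B, TOKEN_C = ("0x" + b * 20 for b in ("11", "22", "33"))

# Constructed eth_call results for allowance(OWNER, TRADE_DELEGATE), per token.
SAMPLE_RESULTS = {
    TOKEN_A: "0x" + "f" * 64,                # unlimited approval (2**256 - 1)
    TOKEN_B: "0x" + "0" * 64,                # already revoked
    TOKEN_C: "0x" + format(10**18, "064x"),  # finite approval still open
}

def _hex(value):
    return value[2:] if value.startswith("0x") else value

def _addr_word(addr):
    """Left-pad a 20-byte address to one 32-byte ABI word."""
    h = _hex(addr).lower()
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not a 20-byte hex address: %r" % addr)
    return h.rjust(64, "0")

def allowance_calldata(owner, spender):
    return "0x" + ALLOWANCE + _addr_word(owner) + _addr_word(spender)

def revoke_calldata(spender):
    # approve(spender, 0) sets the allowance to zero
    return "0x" + APPROVE + _addr_word(spender) + "0" * 64

def decode_allowance(result):
    h = _hex(result)
    if len(h) != 64:  # e.g. "0x" returned by an address with no code
        raise ValueError("expected one 32-byte word, got %r" % result)
    return int(h, 16)

def plan_revocations(owner, spender, results):
    """Return one unsigned approve(spender, 0) tx per token with a live allowance."""
    plan = []
    for token, raw in results.items():
        amount = decode_allowance(raw)
        if amount > 0:
            plan.append({"from": owner, "to": token, "value": "0x0",
                         "data": revoke_calldata(spender), "allowance": amount})
    return plan
```

Each planned transaction is sent to the token contract, not to the spender, and must be signed by the wallet that granted the approval.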
While the situation is being addressed by the Dolomite team, users are advised to remain vigilant and take precautionary measures to safeguard their funds.
The incident underscores the ongoing importance of robust security protocols in the decentralized finance (DeFi) space and serves as a reminder for users to exercise caution when interacting with smart contracts and decentralized platforms.