Dolomite Exchange Experiences Security Breach; Over $1.8M Embezzled through Exploited Contract

A contract deployed in 2019 and formerly used by the Dolomite cryptocurrency exchange has been exploited, with roughly $1.8 million (about 541 ETH at the time) drained through it from users who still had token approvals outstanding to the old contract.

According to PeckShield, a blockchain security firm, the contract previously used by the Dolomite exchange was exploited to make unauthorized transfers of approximately $1.8 million in USDC. The attacker converted the stolen USDC into 541.5 ETH (worth around $1.9 million at the time) and about 94,000 DAI.

The attacker targeted the contract’s “callFunction” feature, which lets a caller have the contract execute an arbitrary external call. Because the contract held standing ERC-20 approvals from its users, an unrestricted call made from the contract’s own address could spend those allowances, and the call path had no reentrancy guard. Together, as CertiK reported, this let the attacker drain tokens from the affected users’ wallets.
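The following Solidity is an added illustration of the failure pattern described above, not Dolomite’s code or any audited reconstruction of it. It models a margin-style contract that holds user approvals and exposes a generic “call anything” action, an attacker contract that abuses it, and a hardened variant. The names (`VulnerableMargin`, `HardenedMargin`, `Drainer`, `ICallee`, `allowedCallee`) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative model only (not Dolomite's code). All contract and interface
// names here are assumptions made for the example.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical callback interface used by the hardened contract.
interface ICallee {
    function callFunction(address sender, bytes calldata data) external;
}

contract VulnerableMargin {
    IERC20 public immutable token;
    mapping(address => uint256) public balances;

    constructor(IERC20 _token) { token = _token; }

    // Users approve this contract for the token, then deposit. That standing
    // approval is the asset an attacker goes after.
    function deposit(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        balances[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        // Unsafe ordering: external call before the balance update, no guard.
        require(token.transfer(msg.sender, amount), "transfer failed");
        balances[msg.sender] -= amount;
    }

    // Generic action: forwards caller-chosen calldata to a caller-chosen target,
    // with this contract as msg.sender of the inner call. Nothing stops
    // target == token and data == transferFrom(victim, attacker, amount), which
    // spends the victim's allowance to this contract. There is also no
    // reentrancy guard, so the target may call back into withdraw() mid-action.
    function callFunction(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}

// Attacker contract exercising the flaw. It needs no funds of its own, only a
// victim whose allowance to VulnerableMargin is still live.
contract Drainer {
    function drain(VulnerableMargin target, IERC20 token, address victim, uint256 amount) external {
        bytes memory data = abi.encodeWithSelector(
            IERC20.transferFrom.selector, victim, msg.sender, amount
        );
        target.callFunction(address(token), data);
    }
}

contract HardenedMargin {
    IERC20 public immutable token;
    address public immutable owner;
    mapping(address => uint256) public balances;
    mapping(address => bool) public allowedCallee;
    bool private entered;

    modifier nonReentrant() {
        require(!entered, "reentrant call");
        entered = true;
        _;
        entered = false;
    }

    constructor(IERC20 _token) { token = _token; owner = msg.sender; }

    function setAllowedCallee(address callee, bool ok) external {
        require(msg.sender == owner, "not owner");
        allowedCallee[callee] = ok;
    }

    function deposit(uint256 amount) external nonReentrant {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        balances[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount; // effects before interaction
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Same feature with three constraints: only pre-approved callees, never the
    // token contract itself (belt and braces on top of the allow-list), and a
    // fixed callback selector so the callee receives the bytes as an argument
    // rather than this contract executing caller-supplied calldata.
    function callFunction(address callee, bytes calldata data) external nonReentrant {
        require(allowedCallee[callee], "callee not allowed");
        require(callee != address(token), "token is not a valid callee");
        ICallee(callee).callFunction(msg.sender, data);
    }
}
```

The hardened version closes both doors named on this page: the allow-list plus fixed callback stop the contract from being turned into a proxy for `transferFrom` against its users’ allowances, and `nonReentrant` with checks-effects-interactions ordering stops a callee from re-entering `withdraw` while an action is in flight. None of this clears allowances users already granted to a vulnerable deployment; those live in the token contracts and must be revoked by each user.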

The affected users were those who still held token approvals for the old contract. The development team promptly urged them to revoke the allowances granted to Dolomite’s Ethereum address, which begins with 0xe2466.

To protect users who had not yet revoked their approvals, the team said it had submitted a transaction to address the issue, but it still encouraged everyone to revoke approvals for the contract as an additional precaution.

To prevent further losses, the developers also disabled the first version of the contract on Arbitrum, the network Dolomite migrated to in 2022. Disabling a contract does not clear the ERC-20 allowances users granted to it, since those are recorded in each token contract, so users are still reminded to revoke access and review any other approvals tied to the contract.

While the Dolomite team handles the aftermath of the exploit, users are strongly advised, per the team, to revoke approvals from the affected contracts and to stay vigilant about the allowances they leave open.
