The Dow Financial Flash Credit Attack: What We Know So Far

Dough Finance flash loan attack


Dow Financial lost $1.8M in flash credit attack due to smart contract vulnerability. The attacker stole unverified call data and extorted USDC before converting the assets to 608 ETH. They urged users to withdraw their money to protect their wallets.

Dow Financial has been the victim of a significant flash loan attack, resulting in a staggering loss of approximately $1.8 million in digital assets.

The attack, which exploited vulnerabilities in the protocol's smart contracts, highlights ongoing security challenges in the crypto space, and particularly in the DeFi space.

What Happened to the Dow Financial Attack?

The attack, discovered on July 12 by Web3 security firm Syvers, targeted Dow Financial's “ConnectorDeleverageParaswap” smart contract.

This contract, which was designed to facilitate transactions in the Diffi platform, failed to adequately verify call information during the execution of flash loans, allowing the attacker to control transaction details and illegally transfer 608 Ether (ETH), approximately $1.8 million during the attack.

The currency was originally converted into ETH in the form of USD Coin (USDC) using the zero-knowledge protocol Railgun, complicating efforts to trace and recover stolen assets.

Who is affected by flash credit attacks?

The Dow Finance flash credit attack primarily affected consumers with funds placed in exploited Dow Finance contracts.

While the loan pools of Aave, another popular DeFi platform, remain unaffected, the incident highlights the vulnerability of smart contracts and potential risks associated with decentralized financial protocols.

Security experts, including Olympic, have stressed the need for users to withdraw their funds and not interact with Dow Financial until the platform provides clear guidance on security measures.

Unsurprisingly, the attack on Dow Financial in 2024 adds to the trend of security breaches plaguing the cryptocurrency industry.

According to Certike's latest report, on-chain attacks caused more than $1.19 billion in losses in the first half of the year, with phishing attacks and private key compromise contributing significantly to these figures.



Leave a Reply

Pin It on Pinterest