Decentralized exchange Dodo was hacked for $3.8 million in the last 24 hours, but expects about half of those funds to be returned, according to a statement.
Dodo is a decentralized exchange (DEX) for swapping cryptocurrency tokens, a part of the decentralized finance (DeFi) ecosystem. It runs on two blockchain platforms: Ethereum and Binance Smart Chain. The exchange works by having market markers contribute to pools of funds, enabling traders to buy and sell tokens from the pools.
Four pools of funds were affected in the exploit, specifically the WSZO, WCRES, ETHA, and FUSI pools. The exchange claims that other pools were unaffected.
The growing problem of DeFi hacks
Dodo explained that a bug enabled attackers to create counterfeit tokens and use flash loans—very fast loans that occur within a single transaction—to collect real tokens. They then siphoned these tokens out of the platform into their own wallets.
The funds stolen include $1.15 million of the stablecoin Tether and $900,000 in WCRES, a wrapped version of the CrescoFin token (which aims to disrupt the banking industry).
Dodo was created to compete with Uniswap, the biggest Ethereum-based decentralized exchange. It claims to replace Uniswap’s Automated Market Maker (AMM) system—which matches trades between traders—with a new algorithm, called Proactive Market Maker (PMM). Dodo argued that this would provide 10X more liquidity.
This is the latest in a series of DeFi hacks, showing that the space remains experimental and very risky. Last week, DeFi platform Meerkat Finance was hacked on its first day for $31 million—although some members of its community suggested it could have been a rug pull, in which the team behind a project runs away with the money.
Regulators are turning their attention to the nascent DeFi space. In late 2020, the US Commodity Futures Trading Commission heard a presentation about DeFi exploring how regulators might exercise oversight of new financial protocols, and who action could be brought against. SEC commissioner Hester Peirce has also argued that DeFi will require the SEC to “sit down and ask some fundamental questions about regulations,” in an interview with Decrypt.