Dogechain Halted, Restored After Critical Bug Found
The Dogechain team denies that any funds were lost despite "unwarranted minting."
Key Takeaways
- Dogechain halted its network for several hours this weekend after a vulnerability was found on its bridge network.
- The team said that no funds were lost, but other sources suggest that $316,000 of crypto may have been converted.
- The vulnerability does not affect other dog-themed meme projects like Dogecoin and Shiba Inu token.
Share this article
Dogechain halted transactions this weekend after developers detected a critical bug in the project’s bridge contracts.
Dogechain Paused Transactions
Dogechain was at risk of an exploit this weekend.
The project’s developers found a bug on September 10 and paused block creation for several hours. On September 11, the development team said that the network was once again live with ongoing maintenance.
The bug could have allowed attackers to mint wrapped DOGE (wDOGE) freely on the bridge network.
The project said that the fact that its network currently runs on a Proof-of-Authority (PoA) consensus mechanism allowed the team to reverse the “unwarranted minting of wDOGE.” It added that it would remain under PoA until the team is fully prepared to transition to Proof-of-State (PoS) consensus.
Dogechain noted that the issue concerned an “internal bug” rather than “an exploit or hack.” The team assured the public that no Dogecoin (DOGE) had been lost or stolen. It added that no “internal funds” had been lost either—presumably referring to Dogechain (DC) and wrapped Doge (wDOGE) tokens.
However, some sources argue that Dogechain did indeed lose funds. Independent crypto researcher Crumbs suggested that an attacker exploited the vulnerability to mint 9.7 million wDOGE ($600,000). The supposed attacker converted as much as $316,000 to other assets; a portion of those funds may have been deposited to Binance.
Dogechain contributor Roc Zacharias responded to Crumbs and denied the theft, stating that the project “had [an] internal bug [and] no hack.” He continued: “No funds lost. Nothing bridged out [or] lost like you’ve suggested here.”
Despite those denials, it appears that an Ethereum address beginning with 0x78F05… has been specifically blacklisted by Dogechain. Additionally, Dogechain’s official account of events implies that funds were minted without warrant at one point, even though those mints were reversed.
Those facts do not confirm that an attacker successfully committed theft. However, it does seem that an individual performed transactions that could have led to a loss of funds.
It should be emphasized that the vulnerability affects Dogechain, not Dogecoin. The two projects have no official relationship. Dogechain aims to build a Layer 2 network that allows bridged Dogecoin tokens to be used on new applications such as decentralized exchanges and NFT marketplaces.
Furthermore, the vulnerability described above is entirely unrelated to a data leak that recently affected Shiba Inu token, another popular doge-themed blockchain project.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.
Share this article