Dogechain had a great start, but nevertheless caused a lot of controversy in the crypto space. Some people thought it was an unacceptable move to advertise the DeFi product as something that is based on Dogecoin rather than admitting that both the blockchain and the brand have nothing to do with the project. Even the Dogecoin Foundation had to make a statement to set things right. Fast forward: A few weeks later Dogechain seems to have the first security incident and yet again two versions are passed around on social media.
Was there even an exploit at Dogechain and were any funds at risk?
The community is on alert
Various Twitter accounts shared the news that there was an exploit going on. According to their statements, an unknown hacker managed to mint wDOGE using this address: 0x78F05ACD03b4Dc51db68527aFDE64EB2F07938e. Dogechain is not directly a part of the Dogecoin blockchain. To transfer DOGE from one chain to another, the protocol uses a bridge. If a user locks a certain amount of DOGE on the Dogecoin blockchain, an equal amount of wDOGE is minted on the other side.
This system is very common in DeFi to bridge assets from one chain to another. The downside is that smart contracts involving bridges are considered to be more vulnerable and are more likely to become a target for an exploit. Often these exploits mean that assets are minted on one end without depositing them on the other. In effect, the protocol is drained and investors suffer the damages of holding a tokenized version of a crypto asset that is no longer backed by the original deposits.
If the statements that are made on social media are true, then the attacker managed to mint over 9 million wDOGE which was worth $600,000 at the time of the incident.
Dogechain team denies it even happened
After the whole Dogechain went into maintenance yesterday, users were informed that there was an internal bug that had to be fixed and that the bridge is back online. According to the project’s official Twitter account, there was no exploit, but the team was able to “successfully revert the unwanted minting of wDOGE on the Dogechain”.
It seems that this is indeed the confirmation that something went wrong, but it is still up for debate whether Dogechain is downplaying the incident or not.
The address that was allegedly involved in minting the assets was blacklisted according to the project’s GitHub. It is still unclear how an internal bug is any different from an exploit and the fact that the whole Dogechain was stopped seems to support the theory that the incident was indeed more severe than the project leaders are willing to admit. It looks like they just saw the exploit happen and decided to hard fork the chain in order to revert the result of the attack.
According to their statements, no user funds were at risk and the Dogechain returned to a normal state. Investors are well-advised to keep in mind that Dogechain is in beta status and at this stage, the whole ecosystem is considered to be the wild west. Thus, maximizing the possibility for profits but also carrying a high risk of losing all funds invested.