Dango: White-hat hackers have returned the stolen funds and received bug bounty rewards, user funds remain unaffected

ME News Report, April 14 (UTC+8), DeFi project Dango announced an update three hours after disclosing a security incident, stating that white-hat hackers have fully returned the stolen funds and received a bug bounty, with user funds completely unaffected. Dango’s founder said they will deploy a fix, enhance security measures, and prepare to restart the blockchain. Previously, an announcement indicated that the attacker exploited a logic vulnerability in the insurance fund to steal USDC collateral, where the vulnerability was that the insurance fund allowed anyone to donate without checking if the donation amount was positive; thanks to cross-chain bridge rate limiting, the attacker bridged only $410k USDC to Ethereum, while the remaining $1.49 million remained on Dango and was recovered; the vulnerability has been fixed, and it does not affect other transaction system functions such as order matching, profit and loss settlement, and liquidation. Early the next morning, Dango announced that after the chain restart, all positions would be liquidated, orders canceled, and unrealized profits and losses during the downtime would not be reset, and 35k points would be distributed to DLP depositors at the time of shutdown as compensation for their risk exposure. (Source: PANews)