Dogechain Halted, Restored After Critical Bug Found

Dogechain halted transactions this weekend after developers detected a critical bug in the project’s bridge contracts.

Dogechain Paused Transactions

Dogechain was at risk of an exploit this weekend.

The project’s developers found a bug on September 10 and paused block creation for several hours. On September 11, the development team said that the network was once again live with ongoing maintenance.

The bug could have allowed attackers to mint wrapped DOGE (wDOGE) freely on the bridge network.

The project said that the fact that its network currently runs on a Proof-of-Authority (PoA) consensus mechanism allowed the team to reverse the “unwarranted minting of wDOGE.” It added that it would remain under PoA until the team is fully prepared to transition to Proof-of-State (PoS) consensus.

Dogechain noted that the issue concerned an “internal bug” rather than “an exploit or hack.” The team assured the public that no Dogecoin (DOGE) had been lost or stolen. It added that no “internal funds” had been lost either—presumably referring to Dogechain (DC) and wrapped Doge (wDOGE) tokens.

However, some sources argue that Dogechain did indeed lose funds. Independent crypto researcher Crumbs suggested that an attacker exploited the vulnerability and converted as much as $316,000 worth of wDOGE to other tokens. A portion of those funds may have been deposited to Binance.

Dogechain contributor Roc Zacharias responded to Crumbs and denied the theft, stating that the project “had [an] internal bug [and] no hack.” He continued: “No funds lost. Nothing bridged out [or] lost like you’ve suggested here.”

Despite those denials, it appears that an Ethereum address beginning with 0x78F05… has been specifically blacklisted by Dogechain. Additionally, Dogechain’s official account of events implies that funds were minted without warrant at one point, even though those mints were reversed.

Those facts do not confirm that an attacker successfully committed theft. However, it does seem that an individual performed transactions that could have led to a loss of funds.

It should be emphasized that the vulnerability affects Dogechain, not Dogecoin. The two projects have no official relationship.  Dogechain aims to build a Layer 2 network that allows bridged Dogecoin tokens to be used on new applications such as decentralized exchanges and NFT marketplaces.

Furthermore, the vulnerability described above is entirely unrelated to a data leak that recently affected Shiba Inu token, another popular doge-themed blockchain project.

Source