Cyber Incident Victim: DODO
Date:
Mar 2021
Location:
China
Summary
A decentralized exchange suffered a $3.8 million exploit targeting its V2 Crowdpools due to a smart contract vulnerability that enabled counterfeit token creation. The attack impacted specific liquidity pools—WSZO, WCRES, ETHA, and FUSI—while V1 pools and non-Crowdpool V2 pools remained secure. Partial recovery of $1.88 million was anticipated, with one affected pool's funds fully restored. Despite the breach, the platform's native token experienced only a brief 2.55% price decline before rebounding slightly, reflecting limited market impact. Community sentiment remained supportive, and operational measures included temporarily disabling new pool creation while collaborating with security partners to address the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 8, 2021, decentralized exchange and liquidity provider DODO suffered a security breach resulting in the loss of approximately $3.8 million. The attack specifically targeted several V2 Crowdpools within the platform’s infrastructure, exploiting a vulnerability in the V2 smart contract that allowed the attacker to create counterfeit DODO tokens. Impacted pools included WSZO, WCRES, ETHA, and FUSI, though funds from the AC pool were fully recovered. DODO confirmed that all V1 pools and non-Crowdpool V2 pools remained unaffected by the exploit. Upon detecting the breach, the platform immediately disabled its pool creation portal as a precautionary measure and announced via Twitter that it was collaborating with a security partner to investigate the incident and recover stolen assets. Subsequent updates on DODO’s official website indicated that approximately $1.88 million of the stolen funds were expected to be returned, though the methodology for this recovery was not detailed in available reports. The incident highlighted a technical flaw in the Crowdpool mechanism of DODO’s newly implemented V2 contracts, which the attacker manipulated to execute the counterfeit token scheme.
Despite the financial scale of the breach, the DODO protocol’s native token exhibited notable market resilience. At the time of reporting on March 10, 2021, the DODO token price had declined only 2.55% to $3.94 following the exploit and had rebounded to $4.09 by press time, reflecting a 1.17% increase. This relative stability contrasted with the token’s 96% single-day surge on February 18, which had occurred after DODO announced its expansion to Binance Smart Chain. The protocol’s prior fundraising success—including a $600,000 seed round led by Framework Ventures and a $5 million private sale involving Three Arrows Capital, Binance Labs, and Pantera Capital—underscored institutional confidence, with additional backing from Coinbase Ventures, Galaxy Digital, and Alameda Research. Community sentiment appeared largely supportive, with multiple users publicly expressing commitment to the decentralized exchange in the incident’s aftermath. The limited price volatility and sustained user engagement suggested the hack had not significantly eroded trust in the platform’s operational viability or long-term prospects.