A recent security breach has rocked the Dolomite cryptocurrency exchange, resulting in the illegal transfer of nearly $1.8 million, equivalent to 541 ETH, from an exploited contract dating back to 2019.
According to findings from blockchain security company PeckShield Alerts, the compromised contract, previously utilized by Dolomite, served as the conduit for the unauthorized transfer of approximately $1.8 million USDC.
The attacker exchanged the stolen USDC for 541.5 ETH, valued at approximately $1.9 million, along with 94,000 DAI tokens.
The attacker abused the “callFunction” feature, which permits calls to any code; its underlying “call” function lacked a “reentrancy guard.” This flaw enabled the attacker to drain funds from affected users, as outlined in a CertiK report.
Users with outstanding approvals to the affected contract were impacted by the breach. The development team swiftly advised users to revoke approvals granted to Dolomite’s Ethereum address, which begins with 0xe2466, to mitigate further risks.
In response to the breach, the development team promptly disabled the first version of the contract on Arbitrum to safeguard unaffected users. Despite these preventive measures, users are encouraged to revoke approvals related to the compromised contract and enhance their security measures.
In 2022, Dolomite, an exchange and lending protocol operating on Ethereum, began transitioning to Arbitrum, gradually phasing out support for Ethereum-based protocols. Due to the irreversible nature of smart contracts, the team effectively managed the Ethereum version using appropriate tools.
While Dolomite’s team addresses the aftermath of the exploit, users are strongly advised to revoke approvals associated with the compromised contracts and to remain vigilant in their cryptocurrency activity.
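To act on the revocation advice above, a user or responder first needs to know which approvals to a given spender are still open. The following is an added example, not code from Dolomite, PeckShield or CertiK: it replays ERC-20 Approval event logs (in the shape returned by eth_getLogs) and lists the owners whose latest approval to the spender is non-zero. All addresses and log entries are constructed placeholders, since the page gives only the prefix 0xe2466 of the real address.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

# Constructed placeholder addresses; the page gives only the prefix 0xe2466
# of the real contract, so SPENDER is NOT the real address.
SPENDER = "0x" + "ee" * 20
OTHER = "0x" + "cc" * 20
TOKEN = "0x" + "aa" * 20
ALICE = "0x" + "a1" * 20
BOB = "0x" + "b0" * 20

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Return {(token, owner): value} where the latest Approval to `spender` is non-zero."""
    spender = spender.lower()
    latest = {}
    # Replay in chain order so a later revoke (value 0) overrides an earlier grant.
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if topic_to_address(topics[2]) != spender:
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    # transferFrom can lower an allowance without an event, so treat hits as
    # candidates and confirm with the token's allowance(owner, spender) call.
    return {key: value for key, value in latest.items() if value > 0}

def make_log(token, owner, spender, value, block, index):
    """Build a constructed log entry shaped like an eth_getLogs result."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

# Constructed sample, deliberately out of order.
SAMPLE_LOGS = [
    make_log(TOKEN, BOB, SPENDER, 0, 200, 0),             # Bob revokes
    make_log(TOKEN, ALICE, SPENDER, 2**256 - 1, 100, 3),  # Alice: unlimited
    make_log(TOKEN, BOB, SPENDER, 500, 101, 1),           # Bob grants 500
    make_log(TOKEN, ALICE, OTHER, 5, 150, 0),             # unrelated spender
]

if __name__ == "__main__":
    for (token, owner), value in outstanding_allowances(SAMPLE_LOGS, SPENDER).items():
        print(f"revoke: owner={owner} token={token} allowance={value}")
```

Only Alice is reported here, because Bob's later zero-value approval cancels his earlier grant.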