Dogechain Halted, Restored After Critical Bug Found

Key Takeaways

• Dogechain halted its network for several hours this weekend after a vulnerability was found on its bridge network.
• The team said no funds were lost, but other sources suggest that $316,000 of crypto may have been converted.
• The vulnerability does not affect other dog-themed meme projects like Dogecoin and Shiba Inu token.

Dogechain halted transactions this weekend after developers detected a critical bug in the project’s bridge contracts.

Dogechain Paused Transactions

Dogechain was at risk of an exploit this weekend.

The project’s developers found a bug on Sept. 10 and paused block creation for several hours. On Sept. 11, the development team said the network was again live with ongoing maintenance.

The bug could have allowed attackers to freely mint wrapped DOGE (wDOGE) on the bridge network.

The project said that its network currently runs on a Proof-of-Authority (PoA) consensus mechanism that allowed the team to reverse the “unwarranted minting of wDOGE.” It added that it would remain under PoA until the team is fully prepared to transition to Proof-of-State (PoS) consensus.

Dogechain noted that the issue concerned an “internal bug” rather than “an exploit or hack.” The team assured the public that no Dogecoin (DOGE) had been lost or stolen. It added that no “internal funds” had been lost either—presumably referring to Dogechain (DC) and wrapped Doge (wDOGE) tokens.

However, some sources argue that Dogechain did indeed lose funds. Independent crypto researcher Crumbs suggested that an attacker exploited the vulnerability to mint 9.7 million wDOGE ($600,000). The supposed attacker converted as much as $316,000 to other assets; a portion of those funds may have been deposited to Binance.

Dogechain contributor Roc Zacharias responded to Crumbs and denied the theft, stating that the project “had [an] internal bug [and] no hack.” He continued,

“No funds lost. Nothing bridged out [or] lost like you’ve suggested here.”

Despite those denials, it appears that an Ethereum address beginning with 0x78F05… has been specifically blacklisted by Dogechain. Additionally, Dogechain’s official account of events implies that funds were minted without warrant at one point, even though those mints were reversed.

Those facts do not confirm that an attacker successfully committed theft. However, it does seem that an individual performed transactions that could have led to a loss of funds.

It should be emphasized that the vulnerability affects Dogechain, not Dogecoin. The two projects have no official relationship. Dogechain aims to build a Layer 2 network that allows bridged Dogecoin tokens to be used on new applications such as decentralized exchanges and NFT marketplaces.

Furthermore, the vulnerability described above is entirely unrelated to a data leak that recently affected the Shiba Inu token, another popular doge-themed blockchain project.

Original Post