Dego Finance - REKT Incident Report
Summary
Dego Finance and strategic partner Cocos-BCX suffered a security breach resulting in approximately $10 million in losses across three blockchain networks.
What Happened
The Dego Finance protocol experienced a significant theft affecting both their platform and Cocos-BCX. Following the incident, Dego requested that Binance pause deposits of their native $DEGO token and asked Uniswap to prevent trading, raising questions about the founders' understanding of decentralized finance principles.
Technical Root Cause
Dego Finance attributed the breach to "compromised keys." The platform did not employ multi-signature security measures, which would have provided additional protection against unauthorized access to critical administrative functions.
Attack Vector
The attacker gained access to administrative keys, enabling them to:
• Steal multiple liquidity pool tokens from both Binance Smart Chain and Ethereum networks
• Mint 600,000 DEGO tokens, triggering a 16% price decline
Financial Impact
• Total loss: ~$10 million across three chains (Ethereum, Binance Smart Chain, Cronos)
• Token minting impact: 600k DEGO minted, causing 16% price depreciation
Attacker Address
Ethereum:
0x118203b0f2a3ef9e749d871c8fef5e5e55ef5c91Same address used on BSC and Cronos networks.
Key Transaction
Minting transaction:
0x9b65bb0e9899a56dff9a14aa6ac33dfb64d2e5b9906199367a7c1191720d0834Remediation
Following the incident, Cocos-BCX transitioned ownership to a multi-signature wallet. The report suggests Dego Finance should implement similar protections.