Dango has confirmed the full recovery of funds from a recent exploit after the attacker cooperated and accepted a bug bounty. The incident involved a vulnerability in the protocol’s insurance fund donation logic, which allowed an unauthorized extraction of USDC collateral. Bridge restrictions limited the outflow to approximately $410,000, while $1.49 million remained on-chain. The protocol was paused, and after the funds were returned by the now-labeled “white hat,” the team stated all affected users will be made whole and operations will resume shortly.
Dango confirmed funds taken in a recent exploit have been fully returned. This followed the attacker’s cooperation with the team and acceptance of a bug bounty.
The incident initially saw an attacker drain USDC collateral from the protocol’s perpetuals contract. The situation was quickly contained with the majority of funds secured and later recovered.
According to the team, the exploit stemmed from a flaw in its insurance fund donation logic. The contract failed to verify donation amounts were positive, enabling the manipulation.
The team stated the vulnerability was isolated and did not affect core trading functions. These include order matching, profit and loss settlement, or liquidations.
The attacker bridged approximately $410,010 USDC to Ethereum. An additional $1.49 million remained on-chain within Dango due to built-in bridge rate limits.
This design feature prevented full withdrawal of exploited funds. It gave the team time to respond and initiate recovery efforts.
Dango paused the chain shortly after detecting the issue. It began coordinating with security partners including the Security Alliance and notified major exchanges and stablecoin issuers.
In a follow-up update, the team confirmed the attacker returned the funds in full and was awarded a bounty. Dango described the actor as a “white hat,” acknowledging their role.
“All affected users will be made whole,” the team said. It added that user funds were never at risk beyond the isolated contract.
With the issue resolved, Dango is working to deploy additional safeguards. The platform is expected to resume operations shortly, with its points program temporarily postponed.
