dango: The white-hat hacker has returned the stolen funds and received the bug bounty; user funds have not been affected.

CoinFeed reported on April 14th that DeFi project dango released an update last night, three hours after disclosing the security incident, stating that the white-hat hacker had fully returned the stolen funds and received the bug bounty, and user funds were completely unaffected. The dango founder stated that they will deploy a fix, add security measures, and prepare to restart the blockchain. Previous announcements indicated that attackers exploited a vulnerability in the insurance fund's logic to steal USDC collateral. The vulnerability lay in the fact that the insurance fund allowed anyone to donate without checking that the donation amount was positive. Thanks to the cross-chain bridge rate limit, the attackers only bridged $410,000 of USDC to Ethereum, leaving the remaining $1.49 million in Dango, which was subsequently recovered. The vulnerability has been fixed and does not affect other trading system functions such as order matching, profit and loss settlement, and liquidation.