A critical vulnerability in the DIP token’s smart contract code has resulted in the unauthorized transfer of approximately $111,098 in USD Coin (USDC), cybersecurity researchers at Slowmist have disclosed. The blockchain security firm identified the flaw through its threat intelligence monitoring systems, documenting the loss at precisely 111,097.6 USDC.
Duplicate Transaction Vulnerability
According to Slowmist’s technical analysis, the security breach stemmed from a single missing line of code within the token’s contract logic. The vulnerability enabled a duplicate transfer mechanism, allowing an attacker to execute unauthorized fund movements from the protocol. DIP serves as a core utility token within the Etherisc ecosystem, a decentralized insurance platform built on blockchain technology.
The incident highlights the critical importance of rigorous code auditing and testing procedures in decentralized finance (DeFi) development. Even minor omissions in smart contract code can create exploitable vectors that compromise user funds. The Slowmist alert underscores how sophisticated attackers continuously probe blockchain-based systems for subtle implementation flaws that bypass standard security checks.
Etherisc, which relies on the DIP token for its insurance protocol operations, has not yet issued an official statement regarding remediation efforts or compensation for affected parties. The platform’s development team will likely need to implement an emergency patch to address the vulnerability and prevent further exploitation.
This incident joins a growing list of smart contract vulnerabilities that have resulted in significant financial losses across the DeFi sector. Security firms like Slowmist play an essential role in identifying and documenting such threats, helping the broader crypto community understand emerging attack vectors and strengthen defensive measures.