Comments on 9/11 Dogechain Outage and Future Direction
Hey everybody! We are happy that we were able to complete our Janis presale swap smoothly despite the Dogechain outage yesterday, 9–11. Everything on Dogechain seems to be operational now, including Multichain and Dogechain native bridges. Therefore, you shouldn’t currently have any trouble getting your assets off of Dogechain, and that’s a good thing!
The team has also stated that we are willing to transfer the centrally held DOGIUM supply to new DOGIUM community coordinators, and we are also willing to provide other services to help DOGIUM as a meme token. Furthermore, we are not trying to discourage anyone who enjoys using Dogechain, and the mantras of “not financial advice” and “do your own research” apply here.
However, because of lingering concerns regarding the outage incident on 9–11, we have removed all team assets and team members’ personal assets besides a nominal amount of gas from Dogechain. As the person who initially encouraged many of you to bridge assets onto Dogechain, I should inform anyone who may have been influenced by my recommendation that I would no longer recommend that a close friend or family member bridge their assets onto Dogechain.
The messaging from the Dogechain team and its representatives about the incident on 9–11 was strange to say the least. The Dogechain team initially denied that any exploit had occurred and said in numerous places that no funds were lost or bridged out:
However, a quick look at the exploiter’s address on etherscan (https://etherscan.io/address/0x78f05acd03b4dc51db68527afde64eb2f07938e4#tokentxns) shows that indeed, the address received several bridge transactions worth approximately 400,000 DOGE each in USD equivalents on the ETH side.
That wallet seems to have somehow received lots of wDOGE that should have been burned through the actions of an unverified contract. It seems like the team was attempting to fix issues with wDOGE that should be burned, as the urgent hardfork update in Dogechain’s GitHub inserts a burning system for wDOGE that is supposed to be burned. Last night, Dogechain team claimed that they were actually the ones who minted the wDOGE through a “bug”:
No matter who minted the wDOGE to the 0x78 account, the account began rapidly swapping it for USDT and USDC which it then bridged to the ETH side. Therefore, whoever controlled the 0x78 account had no reservations about exiting with funds. So why would the team be transferring wDOGE to this account? Why wDOGE that should have been burned? And of course, who was the mystery beneficiary who just “woke up with funds”?
A look at the history of the 0x78 account on Etherscan shows a completely different profile from those of accounts typically responsible for hacks. The account has a history of transacting on ETH network going back more than 600 days and has received transactions from Gate IO, MEXC, and several Binance hot wallets. The account has transacted in a variety of DeFi genres, including Shiba Inu DeFi. It seems highly likely to be someone’s doxxed personal account.
This begs the question of the identity of the “accidental” wDOGE recipient. It feels like the fact that this person exited with funds is being swept under the rug. If funds were clearly bridged out, why would the Dogechain team deny it? The team did not revert blocks, so there is no shortfall in backing of bridged tokens. So it seems odd to deny that any bridging occurred. Why is the team so uninterested in the identity of the funds recipient, and in denial about the fact that this individual bridged funds to Ethereum chain? Is it possible that they could know more about this than they let on?
Furthermore, if the wDOGE spent by the 0x78 account was actually wDOGE that should have been burned, then it would create a shortfall in the amount of DOGE available on the Dogechain bridge. It seems that the amount received by the 0x78 account was no more than a few percent of what was on the bridge, but it would entail a fractional reserve and a loss of funds if the wDOGE that was sold by the 0x78 account was effectively fake. The Dogechain team stated the opposite (“no loss of funds”).
The amount of unbacked wDOGE allegedly received by the 0x78 account seems small enough proportionally (~7% of all DOGE on the bridge) that it is unlikely to be an issue. The overall alleged unbacked amount (20 million wDOGE) is probably locked up in LPs or forgotten about by depositors, and so it seems that the bridge is unlikely to run completely dry. Furthermore, the team could just add more DOGE to the bridge if it did accidentally issue some unbacked wDOGE. So why deny any loss of funds whatsoever?
It seems that the incident had the potential to be more serious than it was. The chain seems to have been halted on an emergency basis while the 0x78 account was rapidly transacting. Given a few more hours of leeway, it is possible that this account could have done much more damage. Furthermore, we don’t know the exact attack vector due to the lack of transparency from the team, so it is impossible to verify that they have issued a complete fix.
Unfortunately, the team’s communication surrounding this outage is likely to cause issues down the road. It seems that anyone who considers bringing major funds onto this blockchain would probably perform due diligence on the chain’s creators, and the irregularities associated with this situation may prevent Dogechain from ultimately getting its big break.
It is possible that all of this is just a nothingburger, and a bunch of wDOGE was innocently and mistakenly minted to the account of a random person. But these situations usually turn out to be pretty logical if we follow the arrows of money. My real concern about this situation is that the Dogechain team seems to be throwing up a smokescreen to prevent the public from gaining knowledge about where the money went (i.e., the reason why this particular individual was sent funds, the identity of the exploiter, and even the basic fact that he exited with funds).
When we choose where to put our money in crypto, we all have to decide what we are comfortable with. And in this case, I decided that there were enough red flags about Dogechain’s handling of the September 11 situation that I would prefer not to bridge funds to Dogechain again. And if I feel that way personally, then I wouldn’t encourage anyone else to do it either.
Well, that’s it from me for today. Stay safe out there in the Wild, Wild West of DeFi!