PANews reported on April 14th that DeFi project dango released an update last night, three hours after disclosing the security incident, stating that the white-hat hacker had fully returned the stolen funds and received the bug bounty, and user funds were completely unaffected. The dango founder stated that they will deploy a fix, add security measures, and prepare to restart the blockchain. Previous announcements indicated that attackers exploited a vulnerability in the insurance fund's logic to steal USDC collateral. The vulnerability lay in the fact that the insurance fund allowed anyone to donate without checking that the donation amount was positive. Thanks to the cross-chain bridge rate limit, the attackers only bridged $410,000 of USDC to Ethereum, leaving the remaining $1.49 million in Dango, which was subsequently recovered. The vulnerability has been fixed and does not affect other trading system functions such as order matching, profit and loss settlement, and liquidation.

The following morning, Dango announced that all positions would be liquidated and orders cancelled after the chain restarted. No profit or loss was realized during the shutdown period, and 35,000 points would be distributed to DLP depositors at the time of the shutdown to compensate for the risks they bore.