A critical flaw in the DIP token's code led to a loss of $111,098 in USDC. The issue was identified by blockchain security firm Slowmist, which noted that a missing return statement in the _transfer() function allowed an attacker to drain funds.
The 'skim(router)' and 'sync()' functions were used to trigger double DIP transfers and manipulate the AMM price, resulting in the loss of USDC from the pool. This bug did not require any complex exploits or stolen keys; it was simply a gap in the token's code that allowed for repeated payouts.
The incident is part of a larger trend of DeFi losses due to smart contract bugs. Slowmist has logged over 2,150 incidents and $37.8 billion in cumulative losses this year, with more than $1 billion lost to hacks and exploits as of last month.