A single missing line of code in the DIP token, a utility asset within the Etherisc ecosystem, allowed an attacker to drain approximately $111,098 in USDC. Blockchain security firm Slowmist reported the incident, pegging the loss at 111,097.6 USDC.
How the exploit worked
The vulnerability stemmed from a missing instruction that caused a transfer function to execute twice. That double-execution let the attacker siphon funds that should have remained locked. Slowmist flagged the flaw in a threat intelligence alert, noting the root cause was trivial but costly.
What was taken
Exactly 111,097.6 USDC was stolen. No other tokens or assets were affected, according to the available details. The DIP token is central to Etherisc's decentralized insurance platform, making the incident a blow to user confidence.
Etherisc has not yet issued a public statement. Developers are likely reviewing the contract to patch the missing line, but a timeline for a fix remains unclear.
