Earlier today, Dango experienced a security incident. An attacker exploited a bug in the insurance fund's logic and drained USDC collateral held in the perps contract. The bug is that the insurance fund allows anyone to donate to it, but it fails to check that the donation amount is positive. This issue is isolated to the insurance fund donation logic, which has now been removed, and does not impact order matching, PnL settlement, liquidation, or any other part of the trading system. Thanks to a bridge rate limit in place, the damage is limited: the attacker was able to bridge $410,010 USDC off to Ethereum while the bulk of the exploited funds ($1,490,012) remain on Dango and are recoverable. The attacker is: Dango account: 0x023ef9e3e20caca6ef3743cbfba6469d69978999 Ethereum account: 0x271d1f2f4194e61f2a17ea82d82e31cea9f6762a In the meantime, we have paused the chain and are now recovering the $1,490,012 stuck in the exploiter's account that they were unable to bridge out of Dango. We have also contacted the team at @SEAL_911 who have since notified @circle and all major exchanges. All affected users will be made whole. The protocol will be fully operational again soon. We invite the exploiter to reach to us at info@leftcurve.io and negotiate a bug bounty. The points program will be postponed until a later date. More updates to follow.