OlympusDAO users had a momentary fright yesterday. 30,000 OHM tokens, or $300K, were stolen by a hacker who later gave them back. The hacker, who seems to be wearing a white hat, took advantage of a flaw in the smart contract behind the new OHM Bonds product.
PeckShield said in a tweet that the redeem() method of the BondFixedExpiryTeller contract appears to lack adequate input validation. The blockchain security firm noted, however, that Bond Protocol was the author of the problematic smart contract.
The decentralized reserve currency protocol OlympusDAO was introduced earlier this year, and testing of its OHM Bonds product began recently. Following the attack, the DAO alerted its users to the Discord server breach.
The company also confirmed the exploit, saying:
“This morning, an exploit occurred through which the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract at Bond Protocol. This bug was not found by three auditors, nor by our internal code review, nor reported via our Immunefi bug bounty.”
The company added that the phased rollout had limited the amount of funds affected. In addition, the sum taken is a small fraction of the $3.3 million reward the hacker might have received had they disclosed the flaw.
The DAO team also said at the time that it had shut down the impacted markets and was looking for ways to make amends to the users who had been hurt.
Hacker Returns Stolen Funds
The OlympusDAO team didn’t have to wait long, either, because the hacker gave back all the money. The DAO community said:
“Funds have been returned to the DAO wallet. We will communicate on the OHM bond payment and plan moving forward in the coming hours.”
The reason the hacker decided to return the money was kept a secret. Many, however, have suggested that he could be drawing attention to the flaw.
Others assert that he could have returned the money due to the substantial compensation offered for finding a flaw.
Regardless, the attack exposes the vulnerability of DeFi smart contracts even as the technology advances. In October, a record number of bitcoins were stolen from DeFi systems.
Mango Markets, Moola Market, BNB Chain, and TempleDAO were among the compromised protocols that were used to steal hundreds of millions of dollars.