OlympusDAO Suffers $300K Exploit, White Hat Hacker Returns All Funds

22 October 2022, 16:30 GMT+0000
Updated by Ryan James
In Brief
  • OlympusDAO suffered a $300,000 exploit on October 21.
  • The hacker later returned the stolen funds to the DAO.
  • The DeFi space has recorded millions in losses in October.

Users of OlympusDAO had a brief scare yesterday after a hacker made off with 30,000 OHM tokens, equivalent to $300K, and then returned the funds.

The hacker, who appears to be a white hat, took advantage of a bug in the smart contract for the new product, OHM Bonds.

According to PeckShield, it appears that the “BondFixedExpiryTeller contract has a redeem() function that does not properly validate the input.” However, the blockchain security company clarified that Bond Protocol wrote the affected smart contract.

OlympusDAO Confirms Exploit

OlympusDAO is a decentralized reserve currency protocol that launched last year. It recently started testing its OHM Bonds product. Following the exploit, the DAO informed members of the hack in the Discord server. 

“This morning, an exploit occurred through which the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract at Bond Protocol. This bug was not found by three auditors, nor by our internal code review, nor reported via our Immunefi bug bounty,” the announcement read.

OlympusDAO added that the funds affected were limited due to the phased rollout.

The amount stolen is merely a fraction of the $3.3 million bounty the hacker could have claimed if they had reported the exploit.

At the time, the DAO team said it had closed affected markets and was now looking for ways to compensate the affected users.

Hacker Returns Stolen Funds

Meanwhile, the OlympusDAO team didn’t have to wait long as the hacker returned all the funds.

The DAO community update reads, “Funds have been returned to the DAO wallet. We will communicate on the OHM bond payment and plan moving forward in the coming hours.”

The hacker did not reveal why he chose to return the funds. However, some have posited that he might be calling attention to the bug.

Others say he might have returned the funds because of the huge bounty rewards attached to the discovery of a bug.

Whichever it is, the hack underscores the vulnerability of DeFi smart contracts even as the technology is improving.

The crypto space saw a record theft of cryptocurrencies from DeFi platforms in October.

Some of the affected protocols include Mango Markets, Moola Market, BNB Chain, and TempleDAO, which were exploited for hundreds of millions.

Disclaimer

BeInCrypto has reached out to the company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.