OlympusDAO Hacker Returns $300K Hours After Attack

Key Takeaways

$300,000 of crypto stolen from OlympusDAO today has been returned by the hacker responsible for the theft.
The original attack saw the hacker exploit a smart contract related to the project’s bond features.
OlympusDAO is one of several DeFi platforms targeted in attacks totaling $718 million this month.

The hacker behind this morning’s $300,000 attack on OlympusDAO has returned the stolen funds.

Hacker Returns Funds to OlympusDAO

OlympusDAO has recovered all of its stolen funds.

According to statements from an OlympusDAO spokesperson, the attacker responsible for the theft returned all the funds to the project after negotiating a deal.

The stolen funds were returned to the project in two transactions on the Ethereum blockchain at 2:29 p.m. UTC and 2:30 p.m. UTC. Those transactions occurred just hours after the funds were stolen at 5:22 a.m. UTC. The original theft saw the attacker drain 30,437 OHM valued at nearly $300,000 from OlympusDAO’s smart contracts.

The attacker targeted a specific bond contract called BondFixedExpiryTeller. According to PeckShield, one of the contract’s functions did not properly validate inputs, allowing the attacker to input false values and transfer funds.

Peckshield stressed that the affected contract was not a native OlympusDAO contract. Rather, it was a Bond Protocol smart contract used to pilot launch OHM bonds.

OlympusDAO confirmed the exploit on its Discord channel today. There, it stated that the attacker “was able to withdraw roughly 30K OHM ($300K)” but that most of the project’s other funds remained safe.

OlympusDAO is a decentralized reserve currency protocol backed by $260 million worth of assets held by 120,000 holders. It allows users to engage with the protocol through staking and bonding—the latter of which involves trading tokens for OHM at a discount.

The project opened its second round of bond testing on October 13. At that time, it warned that the current phase of the feature constituted a “testing period and not the full OHM Bonds release”—though its uncertainty seemed to concern market discovery rather than security issues.

OlympusDAO’s OHM token is currently valued at $9.94 and seems to have been minimally affected by today’s attack.

Several other DeFi platforms have been targeted in attacks this October, including Mango Markets, TempleDAO, BNB Chain, and Moola Market. At least $718 million has been stolen this month, according to Chainalysis data.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Source link