Hacker steals $300 000 from Olympus DAO and returns it hours later
A hacker took advantage of a vulnerability in the smart contract on the bonds of the platform’s native token
23.10.2022 - 07:00
What’s new? On October 21, the Olympus DAO protocol was hacked, and the attacker withdrew 30 437 of the project’s native OHM tokens (about $300 000 at the time of the attack). According to Decrypt, the developers reported the incident on their Discord channel. A few hours later, however, the hacker returned all of the stolen assets. Olympus DAO representatives noted that the bug was detected neither by the three auditors nor by their internal code review.
More details about the hack. According to cybersecurity firm PeckShield, the hacker found a loophole in the parameters of a smart contract belonging to the Bond Protocol project, which was used for the pilot launch of OHM bonds. Analysts noted that no vulnerabilities were found in the Olympus DAO code itself.
It seems the related @OlympusDAO's BondFixedExpiryTeller contract has a redeem() function that does not properly validate the input, resulting in ~$292K loss. https://t.co/dkhC5Ex9sz https://t.co/ikidpLyBga pic.twitter.com/wu5tUrepS6 — PeckShield Inc. (@peckshield) October 21, 2022
Notably, if the hacker had reported the vulnerability on the Immunefi platform, he could have claimed a reward of up to $3,3 million.
What is known about Olympus DAO? It is a decentralized protocol run by a decentralized autonomous organization (DAO), founded in 2017. According to the developers, the OHM token is resistant to censorship, has high liquidity, and is actively used in Web 3.0. OHM is backed by other digital currencies, such as DAI and FRAX, held in the Olympus treasury.
As of October 22, 12:25 UTC, the OHM token is trading at $9,96, having gained 1,38% over the past day, according to CoinMarketCap. Its capitalization is $16,56 million.
On October 18, hackers attacked the DeFi platform Moola Market and withdrew assets worth about $8,4 million. They were able to artificially inflate the price of the project’s native token MOO in order to take out loans backed by it and withdraw other assets. After some time, the hackers returned 93,1% of the stolen cryptocurrencies.