Hacker Steals $300K from OlympusDAO Despite $3.3M Bug Bounty

DeFi reserve currency protocol OlympusDAO lost roughly $300,000 after a hacker attacked its smart contract on Ethereum, security firm PeckShield reported Friday. The hacker drained 30,437 OHM tokens after a contract failed to verify the perpetrator’s malicious fund transfer request.

OlympusDAO to Compensate Users Following a $300K Exploit

A hacker siphoned 30,437 OHM tokens, or around $300,000, from one of the Ethereum smart contracts belonging to the decentralized finance (DeFi) protocol Olympus DAO, according to PeckShield. The exploit took place at 1:22 am ET Friday.

The hacker was able to drain the funds because the affected contract could not validate the perpetrator’s fund transfer request, PeckShield noted. The contract, named “BondFixedExpiryTeller,” was meant for opening bonds denominated in the protocol’s native OHM tokens, but its “redeem()” function was missing input validation, paving the way for the hacker to exploit input values and steal the funds.
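The article does not reproduce the contract's source, so the following is an added, simplified Solidity model of the bug class it describes, not code from OlympusDAO or PeckShield. It assumes the unvalidated redeem() input is the bond token address; `TellerModel`, `issuedByTeller`, `_recordIssued` and `redeemUnchecked` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration; NOT the BondFixedExpiryTeller source.
// Assumption: the input redeem() failed to validate is the bond token address.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IBondToken {
    function underlying() external view returns (IERC20);
    function expiry() external view returns (uint48);
    function burn(address from, uint256 amount) external;
}

contract TellerModel {
    // Hypothetical registry of bond tokens this teller deployed itself.
    mapping(address => bool) public issuedByTeller;

    error UnknownBondToken(address token);
    error NotYetMatured(uint48 expiry);

    // Called only from the teller's own bond-creation path (not shown).
    function _recordIssued(address token) internal {
        issuedByTeller[token] = true;
    }

    // BEFORE: token_ is any address the caller chooses, so expiry(),
    // burn() and underlying() are all answered by caller-controlled code,
    // while the payout comes from the teller's real balance.
    function redeemUnchecked(IBondToken token_, uint256 amount_) external {
        if (uint48(block.timestamp) < token_.expiry()) revert NotYetMatured(token_.expiry());
        token_.burn(msg.sender, amount_);
        require(token_.underlying().transfer(msg.sender, amount_), "transfer failed");
    }

    // AFTER: reject any token this teller did not issue before trusting
    // a single value it returns.
    function redeem(IBondToken token_, uint256 amount_) external {
        if (!issuedByTeller[address(token_)]) revert UnknownBondToken(address(token_));
        if (uint48(block.timestamp) < token_.expiry()) revert NotYetMatured(token_.expiry());
        token_.burn(msg.sender, amount_);
        require(token_.underlying().transfer(msg.sender, amount_), "transfer failed");
    }
}
```

For review and audit purposes, the pattern to look for is any external function that accepts a contract address as a parameter and then moves the protocol's own funds based on that contract's return values.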

“This morning, an exploit occurred through which the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract,” the OlympusDAO team said in its Discord channel. Olympus said the remaining $217 million staked on the protocol was not at risk, adding it will compensate users affected in today’s hack.

OlympusDAO is a DeFi reserve currency protocol behind the OHM token, each backed by a basket of assets from Olympus’s treasury. The protocol issues the tokens at a discount in exchange for users’ crypto assets, with the aim of expanding its treasury.

In January 2022, OlympusDAO launched a bug bounty program with a maximum bounty of $3,333,333, 10 times what was lost in today’s exploit. The maximum reward applies to “bugs/exploits which would lead to a loss of bond funds or a loss of user funds,” according to Olympus.

DeFi – The Hackers’ Favorite

Today’s exploit is the latest in a series of hacks that targeted DeFi protocols this year. According to Chainalysis, hackers are stealing more crypto from DeFi projects than ever before, a trend that emerged in 2021.

This week, FTX founder and CEO Sam Bankman-Fried proposed a framework that would help cushion the impact of hacks and scams on the industry. Among other things, Bankman-Fried proposed a “5-5 standard,” which would let hackers keep 5% or $5 million of the stolen amount, whichever is smaller.

Earlier this month, Transit Swap lost almost $29 million following a hack that exploited an internal flaw in one of the contracts. The hacker returned around 65% of the stolen amount and promised to give back more after the decentralized exchange (DEX) completes the first phase of user refunds.

This article originally appeared on The Tokenist
