Blockchain security firm PeckShield said that a hacker who drained 30,437 OHM tokens (worth roughly $300,000) from an Olympus DAO smart contract earlier today has returned the funds to the DAO in two transactions.
According to PeckShield, the hacker exploited the BondFixedExpiryTeller contract's failure to properly validate the transfer request. The firm continued, “the related OlympusDAO’s BondFixedExpiryTeller contract has a redeem() function that does not properly validate the input, resulting in ~$292K loss.”
It seems the related @OlympusDAO's BondFixedExpiryTeller contract has a redeem() function that does not properly validate the input, resulting in ~$292K loss. https://t.co/dkhC5Ex9sz https://t.co/ikidpLyBga pic.twitter.com/wu5tUrepS6
— PeckShield Inc. (@peckshield) October 21, 2022
The OlympusDAO team confirmed the exploit on its Discord channel, revealing that the attacker drained the funds from the OHM bond contract with Bond Protocol. The protocol also stated that the bug had not been found by its auditors, and that the attacker could have earned much more by reporting it via Immunefi.
The team added that the more than $200 million staked on its platform was safe.
CryptoSlate did not get a response to its request for comment from OlympusDAO and Bond Protocol as of press time.
Meanwhile, the Olympus community has hailed the hacker for being a white hat.