Users of OlympusDAO had a brief scare yesterday after a hacker made off with 30,000 OHM tokens, equivalent to $300K, and then returned the funds.
The hacker, who appears to be a white hat, took advantage of a bug in the smart contract for the new product, OHM Bonds.
According to PeckShield, it appears that the “BondFixedExpiryTeller contract has a redeem() function that does not properly validate the input.” However, the blockchain security company clarified that Bond Protocol wrote the affected smart contract.
OlympusDAO Confirms Exploit
OlympusDAO is a decentralized reserve currency protocol that launched last year. It recently started testing its OHM Bonds product. Following the exploit, the DAO informed members of the hack in the Discord server.
“This morning, an exploit occurred through which the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract at Bond Protocol. This bug was not found by three auditors, nor by our internal code review, nor reported via our Immunefi bug bounty,” the announcement read.
OlympusDAO added that the funds affected were limited due to the phased rollout.
The amount stolen is merely a fraction of the $3.3 million bounty the hacker could have claimed if they had reported the exploit.
At the time, the DAO team said it had closed affected markets and was now looking for ways to compensate the affected users.
Hacker Returns Stolen Funds
Meanwhile, the OlympusDAO team didn’t have to wait long as the hacker returned all the funds.
The DAO community update reads, “Funds have been returned to the DAO wallet. We will communicate on the OHM bond payment and plan moving forward in the coming hours.”
The hacker did not reveal why he chose to return the funds. However, some have posited that he might be calling attention to the bug.
Others say he might have returned the funds because of the huge bounty rewards attached to the discovery of a bug.
Whichever it is, the hack underscores the vulnerability of DeFi smart contracts even as the technology is improving.