- The hacker responsible for the theft returned $300,000 worth of crypto stolen from OlympusDAO today.
- In the original attack, the hacker exploited a smart contract related to the bonus features of the project.
- OlympusDAO is one of several DeFi platforms targeted for attacks totaling $718 million this month.
The hacker behind this morning’s $300,000 attack on OlympusDAO has returned the stolen funds.
Hacker returns funds to OlympusDAO
OlympusDAO has recovered all of its stolen funds.
According to an OlympusDAO spokesperson, the attacker responsible for the theft returned all funds to the project after negotiating a deal.
The stolen funds were returned to the project in two transactions on the Ethereum blockchain at 2:29 pm UTC and 2:30 pm UTC. Those transactions occurred just hours after the funds were stolen at 5:22 am UTC. In the original theft, the attacker mined 30,437 OHMs worth nearly $300,000 from OlympusDAO smart contracts.
The attacker targeted a specific bond contract called BondFixedExpiryTeller. According to PeckShield, one of the contract's functions did not properly validate its inputs, allowing the attacker to enter false values and transfer funds.
PeckShield emphasized that the affected contract was not a native OlympusDAO contract. Rather, it was a Bond Protocol smart contract used to launch OHM bonds.
OlympusDAO confirmed the exploit on its Discord channel today. There, it claimed that the attacker “was able to withdraw approximately 30,000 OHM ($300,000),” but that most of the other project funds remained safe.
OlympusDAO is a decentralized reserve currency protocol backed by $260 million in assets held by 120,000 holders. It allows users to interact with the protocol through staking and bonding, the latter of which involves exchanging tokens for OHM at a discount.
The project opened its second round of adhesion tests on October 13. At the time, it cautioned that the current phase of the feature constituted a “trial period and not the full launch of OHM Bonds”, although its uncertainty seemed related to market discovery rather than security issues.
OlympusDAO’s OHM token is currently worth $9.94 and appears to have been minimally affected by today’s attack.
Several other DeFi platforms have been targeted this October, including Mango Markets, TempleDAO, BNB Chain, and Moola Market. At least $718 million has been stolen this month, according to data from Chainalysis.
Disclosure: At the time of writing, the author of this article owned BTC, ETH, and other cryptocurrencies.