At 1:22 a.m. ET today, a hacker drained 30,437 OHM tokens, valued at about $300,000, from one of the smart contracts that Olympus DAO operated on Bond Protocol. The incident happened because the contract failed to properly validate the hacker’s malicious fund transfer request, according to a statement by security firm PeckShield.
The affected contract, called “BondFixedExpiryTeller,” was used to open bonds denominated in Olympus DAO’s OHM tokens. This contract lacked an authentication input in the “redeem()” function, which enabled the attacker to manipulate input values to redeem funds, PeckShield stated.
In the official Discord, the Olympus team acknowledged the exploit and stated:
“This morning, an exploit occurred through which the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract at Bond Protocol.”
The team insisted that the rest of the $217 million staked on Olympus DAO was safe.
Olympus DAO is described as a decentralized finance protocol with a treasury that backs the OHM token. It provides crypto bonds denominated in vested OHM tokens. The DAO issues OHM tokens at a discount to investors in exchange for their crypto assets, a process that is designed to increase its treasury over time.
Update (11 a.m. ET): The hacker returned all of the stolen tokens after a negotiated deal, a spokesperson from Olympus DAO said.