Hacker drains $300,000 from Olympus DAO on Bond Protocol

Quick Take

  • A hacker stole $300,000 from DeFi protocol Olympus DAO in a security exploit today. 
  • The hacker later returned all of the funds following a negotiated deal. 

Update (11 a.m. ET): The hacker has returned all of the stolen tokens following a negotiated deal, a spokesperson from Olympus DAO told The Block.

At 1:22 a.m. ET today, a hacker drained 30,437 OHM tokens (about $300,000) from one of the smart contracts that Olympus DAO operated on Bond Protocol. The incident took place because the contract failed to properly validate the hacker’s malicious fund transfer request, according to security firm PeckShield.

The affected contract, known as “BondFixedExpiryTeller,” was used to open bonds denominated in Olympus DAO’s OHM tokens. The contract lacked input validation in its “redeem()” function, which allowed the attacker to manipulate input values to redeem funds, PeckShield said.

In the official Discord, the Olympus team acknowledged the exploit and said: “This morning, an exploit occurred through which the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract at Bond Protocol.” The team said the rest of the $217 million staked on Olympus DAO was safe.

Olympus DAO is a DeFi protocol with a treasury that backs the OHM token. It offers cryptocurrency bonds denominated in vested OHM tokens. The DAO issues OHM tokens at a discount to investors in exchange for their cryptocurrencies, a process designed to increase its treasury over time. 

Headline and report copy updated for clarity.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email.