Olympus DAO Smart Contract Drained: $300K Stolen
- A smart contract belonging to the community-owned and decentralized protocol Olympus DAO has been exploited, and a hacker has made off with $300K.
- The attacker carried out the attack on Ethereum at around 1:22 a.m. ET on Friday and was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract at Bond Protocol.
- The DAO confirmed that the attacker went through much trouble only to steal $300K and would have gotten a higher amount if they had reported the bug.
Olympus DAO, a community-owned, decentralized, and censorship-resistant reserve currency which claims to be deeply liquid, asset-backed, and widely used, is another decentralized finance (DeFi) protocol that was hacked due to an unforeseen turn of events. An attacker was able to drain around $300,000 from a smart contract on the DeFi platform, and it seems that October has definitely turned into Hacktober.
The attacker carried out the attack on Ethereum at around 1:22 a.m. ET on Friday, and it seems that the entire crypto space is talking about it. The attack succeeded because a contract failed to properly validate the hacker’s malicious fund transfer request, which is why over $300,000 was stolen from the DeFi platform, and users are now worried about their funds.
The attack was confirmed by blockchain security firm PeckShield, which also confirmed that there was a code error in the Olympus DAO contract that enabled the hacker to make off with the funds.
The official Discord channel of Olympus DAO acknowledged the exploit and stated that the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract at Bond Protocol. Moreover, the DeFi entity also confirmed that this bug was not found by the DAO’s 3 auditors, nor during internal code review, nor reported via the DAO’s very own Immunefi bug bounty, which gives rewards to people who point out vulnerabilities in the DAO’s infrastructure.
“We will compensate all affected bonders in full and are exploring how to do this in the best way possible, either through a contract or airdrop. As soon as we have this finalized we will communicate via Discord,” said Olympus while also confirming that “the total amount exploited is lower than the bug bounty the attacker would have been able to claim through Immunefi.”
Olympus DAO developers were quick to get together and work on this bug, and since the users will be made whole, there should be no issues. The DAO also confirmed that during the next community call on Nov. 4, the developers and other community members will discuss how and why this exploit occurred. A thorough investigation will be conducted and methods will be discussed to prevent such incidents in the future.
Olympus DAO is a well-known member of the DeFi world and consists of the treasury that backs the OHM token. The protocol is known for offering cryptocurrency bonds denominated in vested OHM tokens, and the entire ecosystem is managed with the help of smart contracts.