TempleDAO, a Decentralized Finance Protocol (DeFi) that yields decentralized finance (Yet-Farming), was hacked on October 11.
Spreek, a Twitter user, announced the exploit, sharing that DeFi had been hacked and a photo of how the stolen money had been moved.
.@templedao exploited for $2m it seems pic.twitter.com/k0nBLSoxnx
— Spreek (@spreekaway)
October 11, 2022
In a series tweets, BlockSec Security and PeckShield confirmed that the exploit was indeed present. BlockSec stated that the attacker was unable to gain control over the migrator function.
TempleDao @templedao was attacked. The root cause is the insufficient access control to the migrateStake function.https://t.co/eUwSMkZrEt pic.twitter.com/zXBUwzQ2Oy
— BlockSec (@BlockSecTeam)
October 11, 2022
PeckShield claimed the exploiter was funded by Simpleswap. He transferred 1,831 Ether and ETH ($2.34 Million) to a new address.
#PeckShieldAlert Seems like @templedao got exploited. The exploiter funded from SimpleSwap and already transferred 1,831 $ETH (~$2.34M) to a new address 0x2B63d…B5A0 @peckshield https://t.co/bOyOARyyxY pic.twitter.com/SVEm8o95U6
— PeckShieldAlert @PeckShieldAlert
October 11, 2022
Stax is a decentralized application powered TempleDAO. stated this in a tweet
“A total 321,154 xLP tokens were removed from the xLP Staking agreement at 13:08 UTC. These tokens were traded for exactly 1,418,303 $TEMPLE or 1,262,438$FRAX. 1,418,303 $TEMPLE were purchased for FRAX.
Stax stated that one agent was responsible. This was in line with BlockSec’s tweets. Stax warned users not to make further deposits into STAX accounts until the problem was fixed .
“The dApp was taken down in order to prevent accidental usage. The exploiter cannot do any further damage. This situation is now under control. All affected users will receive remediation.”
TempleDAO and Binance are currently working together to investigate as the address of the exploiter was linked with a Binance bank account. Stax stated
We are following up on Binance and will initiate a white-hat bounty for the hacker. We will increase our bounty with Hats Finance, and establish secure communications in the event that the hacker decides to return funds or receive a legal bounty. More details to follow.”
According to DefiLlama, the total value encrypted in TempleDAO’s protocol was $57 million before the exploit. An estimated 4% of protocol’s holdings was lost due to the exploit.
Leave a Reply