A hacker stole 30,437 OHM tokens (about $300,000) from one of Olympus DAO’s Ethereum smart contracts.
According to security firm PeckShield, the incident occurred because a contract failed to properly validate the hacker’s illicit fund transfer request.
The contract in question, known as “BondFixedExpiryTeller,” was used to open bonds denominated in Olympus DAO’s OHM tokens. According to PeckShield, the contract lacked input validation in its “redeem()” method, which allowed the attacker to redeem funds by supplying spoofed input values.
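A simplified Python model of this class of bug, added here as an illustration and not taken from Olympus DAO's contract code. It assumes the unvalidated input was the bond token argument passed to redeem(), which this article does not specify; `Ledger`, `BondToken`, `Teller` and `demo` are hypothetical names.

```python
# Assumption: the unchecked redeem() input is the caller-supplied bond token.
class Ledger:  # minimal ERC-20-style balance book, constructed for this model
    def __init__(self):
        self.balances = {}
    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class BondToken:
    """Bond token: names its underlying asset and tracks holder balances."""
    def __init__(self, underlying):
        self.underlying = underlying
        self.holders = {}
    def burn(self, holder, amount):
        if self.holders.get(holder, 0) < amount:
            raise ValueError("burn exceeds bond balance")
        self.holders[holder] -= amount

class Teller:
    def __init__(self, validate):
        self.validate = validate
        self.issued = set()  # bond tokens this teller created itself
    def issue(self, underlying, holder, amount):
        token = BondToken(underlying)
        token.holders[holder] = amount
        self.issued.add(token)
        return token
    def redeem(self, caller, token, amount):
        # Hardened path: `token` is caller-controlled, so check its provenance.
        if self.validate and token not in self.issued:
            raise PermissionError("token was not issued by this teller")
        token.burn(caller, amount)
        token.underlying.transfer(self, caller, amount)

def demo(validate):
    """Constructed scenario; returns the teller's remaining OHM balance."""
    ohm = Ledger()
    teller = Teller(validate)
    ohm.balances[teller] = 1_000                 # funds backing real bonds
    bond = teller.issue(ohm, "alice", 100)
    teller.redeem("alice", bond, 100)            # legitimate redemption
    unregistered = BondToken(ohm)                # never issued by the teller
    unregistered.holders["mallory"] = 900
    try:
        teller.redeem("mallory", unregistered, 900)
    except PermissionError:
        pass                                     # rejected by the check
    return ohm.balances[teller]
```

With the provenance check enabled, only the legitimate 100-token redemption succeeds; without it, the teller pays out against a token it never issued.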
The Olympus team confirmed the exploit in the official Discord and stated:
“This morning, an exploit occurred through which the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract.”
The remaining $217 million invested in Olympus DAO was safe, according to the organization, which said it planned to compensate users harmed by today’s exploit.
Olympus DAO is a DeFi protocol with a treasury that supports the OHM token. It provides cryptocurrency bonds in the form of vested OHM tokens.
The DAO sells OHM tokens at a discount to investors in return for their cryptocurrencies, with the goal of gradually increasing its treasury. Smart contracts handle the bonds, one of which was involved in today’s security problem.