- An estimated 1.1 million TEMPLE were sold
- According to BlockSec, the root cause of the exploit was insufficient access control to the MigrateStake feature
TempleDAO, a yield farming DeFi protocol, was exploited for around $2.34 million.
All exploited funds were converted to ether and then moved to a new wallet where they now sit.
Pseudonymous Doc Peppercorn, a contributor to TempleDAO, posted on his Discord group that a series of transactions via Stax Finance, a TempleDAO-affiliated dapp, to sell off an estimated 1.1 million TEMPLE, the Temple Protocol’s primary token, led .
“We are investigating what happened so we can give you a full picture of how this happened, what we have done to resolve it, and what further remedial actions are being taken,” he wrote.
The root cause of the exploit, according to security firm BlockSec, was insufficient access control to a specific function in the Stax smart contract.
Before the exploit, the total locked value of the TempleDAO protocol was approximately $57 million, according to DeFiLlama. The exploit amounted to approximately 4% of the protocol’s assets.
According to a recent report by bug bounty and security service platform Immunefi, DeFi protocols remain a key target for exploits compared to centralized finance — which collectively accounts for 98.8% of losses in Q3 2022 — with the Nomad Bridge hack and The Wintermute exploit accounts for the bulk of the casualties.
The two chains most targeted were Binance’s BNB chain, from which over 2 million BNB was recently withdrawn, and Ethereum, according to the report.
At the time of the report’s publication, the BNB chain had suffered from 16 individual attacks resulting in 28.6% loss of all target chain losses, and Ethereum reported 13 incidents accounting for 23.2% of total losses.
The exploiter’s address was originally funded by an address on the Binance Exchange, so it’s possible the exchange has know-your-customer information about the culprit.
A Binance spokesman did not immediately respond to a request for comment.
Stax Finance is reviewing its options.
We follow Binance and will initialize a white hat bounty for the exploiter. We increase our existing bounty with Hats Finance and set up secure communication if the hacker decides to return funds and get a legal bounty. Details follow.
— STAX (@staxfinance) October 11, 2022
Temple DAO said its core vaults do not share code with Stax and are therefore not affected.
Get the day’s top crypto news and insights delivered to your inbox every night. Subscribe to Blockworks’ free newsletter now.
Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers
https://nov.link/cryptoanswers