Key Takeaways
- $300,000 of crypto stolen from OlympusDAO today has been returned by the hacker responsible for the theft.
- The original attack saw the hacker exploit a smart contract related to the project’s bond features.
- OlympusDAO is one of several DeFi platforms targeted in attacks totaling $718 million this month.
The hacker behind this morning’s $300,000 attack on OlympusDAO has returned the stolen funds.
Hacker Returns Funds to OlympusDAO
OlympusDAO has recovered all of its stolen funds.
According to statements from an OlympusDAO spokesperson, the attacker responsible for the theft returned all the funds to the project after negotiating a deal.
The stolen funds were returned to the project in two transactions on the Ethereum blockchain at 2:29 p.m. UTC and 2:30 p.m. UTC. Those transactions occurred just hours after the funds were stolen at 5:22 a.m. UTC. The original theft saw the attacker drain 30,437 OHM valued at nearly $300,000 from OlympusDAO’s smart contracts.
The attacker targeted a specific bond contract called BondFixedExpiryTeller. According to PeckShield, one of the contract’s functions did not properly validate inputs, allowing the attacker to input false values and transfer funds.
PeckShield stressed that the affected contract was not a native OlympusDAO contract. Rather, it was a Bond Protocol smart contract used for the pilot launch of OHM bonds.
OlympusDAO confirmed the exploit on its Discord channel today. There, it stated that the attacker “was able to withdraw roughly 30K OHM ($300K)” but that most of the project’s other funds remained safe.
OlympusDAO is a decentralized reserve currency protocol backed by $260 million worth of assets held by 120,000 holders. It allows users to engage with the protocol through staking and bonding—the latter of which involves trading tokens for OHM at a discount.
The project opened its second round of bond testing on October 13. At that time, it warned that the current phase of the feature constituted a “testing period and not the full OHM Bonds release”—though its uncertainty seemed to concern market discovery rather than security issues.
OlympusDAO’s OHM token is currently valued at $9.94 and seems to have been minimally affected by today’s attack.
Several other DeFi platforms have been targeted in attacks this October, including Mango Markets, TempleDAO, BNB Chain, and Moola Market. At least $718 million has been stolen this month, according to Chainalysis data.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.