On the 22nd of October, OlympusDAO's token OHM became the latest target of a crypto cyberattack. In the early morning, an anonymous hacker stole 30,000 OHM tokens worth $300k, but returned all of them the same day. Either the hacker had a change of heart, or he was a white hat hacker who sent the funds back to OlympusDAO some hours later.
Early on Friday morning, OlympusDAO first alerted community members to the exploit on Discord. The message said that an exploit had occurred that morning through which the hacker was able to withdraw roughly 30K OHM, worth $300K, from the OHM bond contract at Bond Protocol. It added that the bug had not been found by three auditors or by their internal code review, and had not been reported through their Immunefi bug bounty.
Olympus said that, because of a phased rollout, only a limited amount of funds was at risk. According to Olympus, the stolen money was a fraction of the potential $3.3 million bounty that the attacker would have been able to claim on the bug-hunting website Immunefi for reporting the exploit. Regarding the safety of funds, they said that they had closed the affected markets and that all other funds were safe.
In the announcement, the DAO team said that they were exploring the best way to fully compensate all affected bonders. Some hours later, OlympusDAO updated the community that the hacker had returned all the tokens. Olympus said that the funds had been returned to the DAO wallet, and that they would communicate on the OHM bond payment and the plan moving forward in the coming hours.
OlympusDAO, launched in May 2021, is a decentralized reserve currency protocol based on the OHM token, which is supported by a basket of assets. Since January 2022, Olympus has offered a maximum bounty of $3.3 million. The bounty was focused on Olympus smart contracts and applications, and its purpose was to prevent the loss of DAO funds.
PeckShield, the blockchain security firm, reacted to the attack and said that the exploit targeted the BondFixedExpiryTeller smart contract.