DeFi protocol Temple DAO misplaced over $2.3 million on Oct. 11 to a hack first noticed by Twitter consumer Spreekaway and confirmed by blockchain analytical agency Peckshield.
#PeckShieldAlert Looks like @templedao received exploited. The exploiter funded from SimpleSwap and already transferred 1,831 $ETH (~$2.34M) to a brand new tackle 0x2B63d…B5A0 @peckshield https://t.co/bOyOARyyxY pic.twitter.com/SVEm8o95U6
— PeckShieldAlert (@PeckShieldAlert) October 11, 2022
In line with Peckshield, the hacker funded the assault from SimpleSwap and has transferred 1,831 ETH to a brand new tackle, 0x2B63d.
TempleDAO retweeted a Twitter thread in regards to the exploit from the DeFi protocol Stax Finance. In line with the thread, 321,154 xLP tokens had been stolen from the xLP Staking contract and transformed to 1,418,303 $TEMPLE tokens and 1,262,438 $FRAX. The TEMPLE tokens had been additionally later bought for FRAX.
It was revealed that the hacker exploited a “lacking onlyMigrator test” perform within the StaxLPStaking contract.
In the meantime, TempleDAO has taken down the dApp to keep away from unintentional utilization. The workforce urged the hacker to return the funds, providing him a authorized bounty for the exploit.
One other blockchain safety agency CertiK wrote that the “explanation for this assault is that migrateStake perform doesn’t test if the enter oldStaking is anticipated. In consequence, attackers can forge oldStaking contracts to arbitrarily add balances.”
Undertaking @templedao (TEMPLE) has been exploited for ~$2M.
It seems that EOA 0x9c9F… acquired ~1831 ETH from the exploit & and has transferred the funds to 0x2B63…
Extra data on the incident coming quickly.
Keep protected on the market! pic.twitter.com/r7I7XlufPY
— CertiK Alert (@CertiKAlert) October 11, 2022
