TempleDAO exploit results in $2M loss

Published at: Oct. 11, 2022

TempleDAO, a yield-farming Decentralized Finance (DeFi) protocol, lost over $2.34M to a hack on Oct 11. 

The exploit was announced by Twitter user @spreekaway, who shared that the DeFi platform had been hacked, along with a snapshot of how the stolen funds had been moved.

.@templedao exploited for $2m it seems pic.twitter.com/k0nBLSoxnx

— Spreek (@spreekaway) October 11, 2022

Blockchain security companies BlockSec and PeckShield confirmed in a series of tweets that the exploit had indeed occurred. BlockSec shared that the root cause of the attack was “insufficient access control to the migrateStake function.”

TempleDao @templedao has been attacked. The root cause is the insufficient access control to the migrateStake function. https://t.co/eUwSMkZrEt pic.twitter.com/zXBUwzQ2Oy

— BlockSec (@BlockSecTeam) October 11, 2022

PeckShield, meanwhile, claimed that the exploiter, funded from SimpleSwap, had transferred 1,831 ETH ($2.34M) to a new address.

#PeckShieldAlert Seems like @templedao got exploited. The exploiter funded from SimpleSwap and already transferred 1,831 $ETH (~$2.34M) to a new address 0x2B63d...B5A0 @peckshield https://t.co/bOyOARyyxY pic.twitter.com/SVEm8o95U6

— PeckShieldAlert (@PeckShieldAlert) October 11, 2022

STAX Finance, a decentralized app (dApp) powered by TempleDAO, stated in a series of tweets that:

“A total of 321,154 xLP tokens were taken from the xLP Staking contract at 13:08 UTC time. These tokens were swapped for precisely 1,418,303 $TEMPLE and 1,262,438 $FRAX. 1,418,303 $TEMPLE were sold for FRAX.”

The account suggested that only one agent was responsible for the hack, which had allegedly been caused by “a missing onlyMigrator check”, confirming BlockSec’s tweets. In the meantime, the account cautioned users against further deposits into STAX contracts until remediations were made, saying:

“The dApp has been taken down to avoid accidental usage. This is now under control and the exploiter can do no further harm. Remediations will be made for all affected users.”
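To show what a missing onlyMigrator check means in practice, here is an added Solidity sketch that is not TempleDAO or STAX source code. Only the names migrateStake and onlyMigrator come from the reports above; the contract, its ledger, the unguarded "before" function and the owner/setMigrator plumbing are hypothetical, and token transfers are left out so the access-control difference is the only thing that varies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Illustrative only: a minimal staking ledger, not the real contract.
contract StakingSketch {
    address public immutable owner;
    address public migrator; // the single address allowed to migrate stakes
    mapping(address => uint256) public staked;

    event MigratorSet(address indexed migrator);
    event StakeMigrated(address indexed staker, uint256 amount);

    error NotOwner();
    error NotMigrator(address caller);
    error ZeroAddress();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // The check the reports describe as missing: reject every caller
    // except the registered migrator before the function body runs.
    modifier onlyMigrator() {
        if (msg.sender != migrator) revert NotMigrator(msg.sender);
        _;
    }

    function setMigrator(address newMigrator) external onlyOwner {
        if (newMigrator == address(0)) revert ZeroAddress();
        migrator = newMigrator;
        emit MigratorSet(newMigrator);
    }

    // BEFORE (hypothetical): a privileged ledger change with no caller
    // check, so any address can invoke it with arguments of its choosing.
    function migrateStakeUnguarded(address staker, uint256 amount) external {
        staked[staker] += amount;
    }

    // AFTER: same body, but only the migrator can reach it.
    function migrateStake(address staker, uint256 amount) external onlyMigrator {
        staked[staker] += amount;
        emit StakeMigrated(staker, amount);
    }
}
```

In review, a cheap check for this class of bug is to list every external or public state-changing function and confirm each one either carries a role modifier or is meant to be callable by anyone.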

An investigation is now taking place between Binance and TempleDAO since the exploiter’s address was linked to a Binance account. The TempleDAO-powered dApp account said:

“We are following up with Binance and will initialize a white hat bounty for the exploiter. We are increasing our existing bounty with Hats Finance and establishing secure communications if the hacker chooses to return funds and receive a legal bounty. Details to come.”

Prior to the exploit, DeFiLlama reported that the total value locked in TempleDAO’s protocol was about $57 million. The exploit amounted to an estimated 4% of the protocol’s holdings.

On Oct 6, Cointelegraph reported that the BNB Chain, the blockchain of crypto exchange Binance, had been paused due to an exploit on its cross-chain bridge, where attackers made off with an estimated $100 million worth of cryptocurrency.
