According to reports from Etherscan, TempleDAO, a protocol that says it offers sustained revenue through staking, suffered a malicious exploit of one of its staking vaults for 1,830 ETH, or around $2.3 million at the time.
A TempleDAO contributor posting in the project’s Discord channel said that the CORE vaults, which contain more than $100 million in stablecoins, are unaffected. The exploiter can do no further harm. The contributor also promised that all impacted users will receive fixes.
According to Etherscan data, on October 11, around 9:11 a.m. EST, a withdrawal from the project’s STAX staking vault occurred. An announcement issued in the TempleDAO Discord stated that the withdrawal was “exactly 1,418,303 TEMPLE and 1,362,438 FRAX”.
Twitter user spreekaway originally discovered the alleged exploit when he reported an on-chain transaction that was later confirmed by blockchain security company PeckShield.
Temple DAO exploit
Temple DAO is the newest DeFi protocol to be hacked or exploited. Transit Swap lost $28.9 million to a hacker last week, a few weeks after cryptocurrency market maker Wintermute had $160 million stolen from its DeFi business.
According to DefiLlama, the total value locked on Temple DAO is $56.93 million, with the exploit accounting for almost 4% of the protocol’s holdings. All funds were converted to Ethereum by the exploiter, who also moved $2.34 million to a new wallet.
The stablecoin FRAX was exchanged for the TEMPLE tokens. The wallet address in question was connected to a Binance account, which provided its initial funds. About one and a half hours before the exploit, it received 1.1 ETH.
Blockchain security company Paladin stated that the TempleDAO hack is connected to a non-bridge-related smart contract.
The attack was possible due to “multiple malpractices” in one of the staking mechanisms, in a function that let users transfer staked tokens from an earlier contract. The exploiter called this particular function with a false input, which gave them access to the vault and allowed them to extract all the funds without regard for the new contract.
After the theft of the staking vault, the price of the token briefly dropped by 20%.
In the meantime, TempleDAO has taken down the dApp to prevent unintentional use. The team persuaded the hacker to return the funds, offering him a legal bounty for the exploit.