
Hacker Steals $300K from OlympusDAO Despite $3.3M Bug Bounty

DeFi protocol OlympusDAO lost $300,000 in its native OHM tokens after a hacker exploited one of its smart contracts on Ethereum, according to PeckShield.


Neither the author, Tim Fries, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

DeFi reserve currency protocol OlympusDAO lost roughly $300,000 after a hacker attacked its smart contract on Ethereum, security firm PeckShield reported Friday. The hacker drained 30,437 OHM tokens after a contract written by Bond Protocol failed to verify the perpetrator’s malicious fund transfer request.

OlympusDAO to Compensate Users Following a $300K Exploit

A hacker siphoned 30,437 OHM tokens, or around $300,000, from one of the Ethereum smart contracts belonging to the decentralized finance (DeFi) protocol OlympusDAO, a contract written by Bond Protocol. The exploit took place at 1:22 am ET Friday.

The hacker was able to drain the funds because the affected contract could not validate the perpetrator’s fund transfer request, PeckShield noted. The contract, named “BondFixedExpiryTeller,” was meant for opening bonds denominated in the protocol’s native OHM tokens, but its “redeem()” function was missing input validation, paving the way for the hacker to exploit input values and steal the funds.
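The class of flaw described above, as an added example that is not Bond Protocol's or OlympusDAO's code: a simplified teller whose redeem function trusts a caller-supplied input, next to a version that validates it first. The assumption that the unvalidated input is the bond token address, and every name here (TellerModel, issuedByTeller, redeemUnchecked, redeemChecked, _register), are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Simplified model written for this example; not the audited or deployed source.
// Assumption: the unvalidated input is the bond token address the caller passes in.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IBondToken {
    function underlying() external view returns (IERC20);
    function burn(address from, uint256 amount) external;
}

contract TellerModel {
    // Hypothetical registry of bond tokens this teller deployed itself.
    mapping(address => bool) public issuedByTeller;

    // Before: token_ is taken on trust. The teller pays out of its own
    // balance based on what an unverified contract reports about itself.
    function redeemUnchecked(IBondToken token_, uint256 amount_) external {
        token_.burn(msg.sender, amount_);
        token_.underlying().transfer(msg.sender, amount_);
    }

    // After: the input is checked against state the teller controls before
    // any external call is made, and the transfer result is enforced.
    function redeemChecked(IBondToken token_, uint256 amount_) external {
        require(issuedByTeller[address(token_)], "unknown bond token");
        token_.burn(msg.sender, amount_);
        require(
            token_.underlying().transfer(msg.sender, amount_),
            "transfer failed"
        );
    }

    // Stand-in for bond creation: the only place a token becomes redeemable.
    function _register(IBondToken token_) internal {
        issuedByTeller[address(token_)] = true;
    }
}
```

When reviewing similar contracts, check that every address-typed parameter used as a call target in a payout path is compared against an allowlist written only by the contract's own issuance logic.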

“This morning, an exploit occurred through which the attacker was able to withdraw roughly 30K OHM ($300K) from the OHM bond contract,” the OlympusDAO team said in its Discord channel. Olympus said the remaining $217 million staked on the protocol was not at risk, adding that it will compensate users affected in today’s hack.

OlympusDAO is a DeFi reserve currency protocol behind the OHM token, each backed by a basket of assets from Olympus’s treasury. The protocol issues the tokens at a discount in exchange for users’ crypto assets, with the aim of expanding its treasury.

In January 2022, OlympusDAO launched a bug bounty program with a maximum bounty of $3,333,333, 10 times what was lost in today’s exploit. The maximum reward applies to “bugs/exploits which would lead to a loss of bond funds or a loss of user funds,” according to Olympus.


DeFi – The Hackers’ Favorite

Today’s exploit is the latest in a series of hacks that targeted DeFi protocols this year. According to Chainalysis, hackers are stealing more crypto from DeFi projects than ever before, a trend that emerged in 2021.

This week, FTX founder and CEO Sam Bankman-Fried proposed a framework that would help cushion the impact of hacks and scams on the industry. Among other things, Bankman-Fried proposed a “5-5 standard,” which would let hackers keep 5% or $5 million of the stolen amount, whichever is smaller.

Earlier this month, Transit Swap lost almost $29 million following a hack that exploited an internal flaw in one of the contracts. The hacker returned around 65% of the stolen amount and promised to give back more after the decentralized exchange (DEX) completes the first phase of user refunds.


Update (21st October 2022): Article was updated to clarify that the affected contract was written by Bond Protocol and not OlympusDAO.

Tim Fries

Author · Tokenist

Tim Fries is the cofounder of The Tokenist. He has a B. Sc. in Mechanical Engineering from the University of Michigan, and an MBA from the University of Chicago Booth School of Business. Tim served as a Senior Associate on the investment team at RW Baird's US Private Equity division, and is also the co-founder of Protective Technologies Capital, an investment firm specializing in sensing, protection and control solutions.