Crypto exploits have accelerated during the bear market. In the latest hack on Tuesday, October 12th, TempleDAO, an Ethereum-based decentralized finance (DeFi) yield-farming protocol, lost an approximate $2.34 million.
The exploit was confirmed by blockchain security companies BlockSec and PeckShield, who explained that the root cause of the hack was “insufficient access to control to the migrateStake function”.
PeckShield revealed that the attacker converted all of the stolen funds, which were mostly denominated in TEMPLE and FRAX, into ETH through Stax Finance, a TempleDAO dApp that has since suspended its operations temporarily. The stolen funds now sit in a new wallet that was previously funded through Binance.
Stax has stated that it is working with Binance to set up a white hat bounty in case the hacker “chooses to return [the] funds and receive a legal bounty”.
Prior to the exploit, the total value locked in the TempleDAO protocol measured to around $57 million, according to DeFiLlama. The attack resulted in the loss of approximately 4% of the protocol’s assets.
Solana DeFi Protocol Hit by $100 Million Hack
Tuesday proved to be an eventful day for DeFi hacks, as a much bigger exploit also took place, this time on the Solana blockchain, as DeFi protocol Mango Markets was drained of over $100 million.
The incident was first identified by blockchain auditor OtterSec, which disclosed in a tweet that the attacker was able to temporarily “spike up Mango’s collateral value and then took out massive loans from the Mango treasury”.
Mango confirmed the event, explaining that users would be unable to make withdrawals because the incident had resulted in “a total draining of all equity available”.
In an unexpected turn of events, the hacker submitted a governance proposal stating that they were willing to return $50 million worth of the assorted stolen tokens to the Mango treasury.
However, the attacker stipulated that they would only do so if Mango agrees to use the remaining $70 million USDC in its treasury to pay back all users without bad debt. If the proposal is passed, the thief would be immune to criminal investigations, or the possibility of having their funds frozen, and would walk away with a cool $70 million.
Voting on the proposal is currently live and is set to end on October 14th at 16:12 UTC. At the time of writing, 99% of users have voted in favor of the proposal, including the hacker themself, who holds roughly 0.66% of the total MNGO token supply.
Following the hack, MNGO almost immediately dumped over 50%. It’s currently trading at $0.027, 95% down from its all-time high of $0.51, according to CoinMarketCap.
The two attacks on TempleDAO and Mango Markets come just days after Binance, the largest crypto exchange in the world, suffered an exploit on its BNB chain that resulted in the loss of more than $100 million.
On the Flipside
- Community members hope that the perpetrators of both the TempleDAO and Mango Market hacks will return the stolen funds and agree to settle on a bounty reward.
Why You Should Care
While decentralized finance has proven to be one of the more successful innovations in crypto, vulnerable protocols remain a priority target for bad actors. As such, experts urge investors to perform due diligence before deciding on where to put funds to work.