Temple DAO hacked for over $2.3M
DeFi protocol Temple DAO lost more than $2.3 million on Oct. 11. The hack was first spotted by his Twitter user Spreekaway and confirmed by blockchain analytics firm Peckshield.
#PeckShieldAlert seems like @templedao exploited.Exploiter was funded by her SimpleSwap and already he transferred 1,831 $ETH (~$2.34M) to new address 0x2B63d…B5A0 @Peckshield https://t.co/bOyOARyyxY pic.twitter.com/SVEm8o95U6
— PeckShieldAlert (@PeckShieldAlert) October 11, 2022
According to Peckshield, Hackers funded attacks from SimpleSwap, transferring 1,831 ethereum to the new address 0x2B63d.
TempleDAO retweeted a Twitter thread about an exploit from DeFi protocol Stax Finance. According to the thread, 321,154 xLP tokens were stolen from the xLP staking contract and converted into 1,418,303 $TEMPLE tokens and 1,262,438 $FRAX. TEMPLE tokens were later also sold to FRAX.
It turns out that hackers abused the “missing onlyMigrator check” feature of the StaxLPStaking contract.
Meanwhile, TempleDAO has removed the dApp to avoid misuse. The team urged the hackers to return the funds and offered a legal bounty for their exploits.
Another blockchain security firm, CertiK, said, “The cause of this attack is that the migrateStake function does not check whether the input oldStaking is expected. You can add your balance.”
plan @templedao (TEMPLE) has been exploited for approximately $2 million.
EOA 0x9c9F… appears to have received ~1831 ETH from the exploit and transferred the funds to 0x2B63……
We will inform you about the details of the incident in the near future.
Stay safe. pic.twitter.com/r7I7XlufPY
— CertiK Alert (@CertiKAlert) October 11, 2022