Decentralized finance (DeFi) protocol TempleDAO and its affiliated application STAX Finance were compromised in a presumed hack early this week.
statement, STAX advised users to refrain from making deposits into STAX contracts while confirming that crypto assets worth about $2.3 million were stolen.
“Earlier today on Tuesday Oct. 11, a series of txs routed through STAX led to a total of 321,154 xLP tokens being taken from the xLP Staking contract at 13:08 UTC time. These tokens were swapped for precisely 1,418,303 TEMPLE and 1,262,438 FRAX; 1,418,303 TEMPLE were sold for FRAX.”
Blockchain security firm PeckShield also confirmed the hack and said the exploiters were able to send the crypto to another Ethereum address.
“Seems like TempleDAO got exploited. The exploiter funded from SimpleSwap and already transferred 1,831 ETH (~$2.34M) to a new address 0x2B63d…B5A0.”
STAX said that it identified only one entity involved in the hack and said that it was the result of a missing “onlyMigrator check,” a part of the smart contract governing the platforms staking function.
“The cause of this is an exploit in the StaxLPStaking contractdue to a missing onlyMigrator check.
TempleDAO assured users that its core vaults are safe from the exploit, and share no common code or connection to STAX.
TempleDAO says that the situation is now under control and that the exploiters won’t be able to cause further harm. It is also working with BINANCE since the explorer’s account is associated with the crypto exchange.
“We are following up with Binance and will initialize a white hat bounty for the exploiter. We are increasing our existing bounty with Hats Finance and establishing secure communications if the hacker chooses to return funds and receive a legal bounty.”
