Nexo

We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More
Home » News » TempleDAO, STAX Hacked for $2.3 Million

TempleDAO, STAX Hacked for $2.3 Million

by

Another DeFi project has been exploited through a smart contract vulnerability.

TempleDAO, STAX Hacked for $2.3 Million
Shutterstock cover by ViChizh

Key Takeaways

  • TempleDAO and STAX Finance became the targets of a $2.3 million exploit that took place on October 11.
  • The attacker carried out the exploit by forging a smart contract to call a function and withdraw funds.
  • Though certain staking contracts were exploited, TempleDAO says that its core contracts are secure.

Share this article

TempleDAO and its associated project STAX Finance have been hacked for approximately $2.3 million.

TempleDAO and STAX Hacked

TempleDAO and STAX have been exploited.

STAX acknowledged the attack in a maintenance note. It wrote that the attacker managed to steal a total of 321,154 xLP on October 11. Those tokens were swapped for 1.3 million FRAX and 1.4 million TEMPLE. The TEMPLE tokens were then sold for another token, FRAX.

The market value of those tokens places the value of the attack above $2.3 million. PeckShield estimates that 1,831 ETH ($2.34 million) were stolen in the attack.

STAX has urged users not to deposit more funds into its contracts until the problem has been resolved, noting that it has frozen the dApp to provide accidental access.

The project wrote that the issue is “now under control and the exploiter can do no further harm,” adding that “remediations will be made for all affected users.”

STAX added that it is “following up with Binance” on the matter. Presumably, it is working to track or block funds that move through the exchange. Some reports suggest that the attacker initially moved his funds from a Binance account.

Finally, STAX said that it will create a white hat bounty to encourage the return of stolen funds and increase the bounty that it already offers through Hats Finance.

The attack was possible because of improper access control in a staking-related smart contract. The attacker was able to forge another smart contract to call a specific function in that contract and request the movement of funds.

TempleDAO has emphasized the limited scope of the attack, noting that its “vault contracts share no common code with STAX, have been audited by PeckShield, and remain secure.”

TempleDAO is said to have $100 million in stablecoins in those core contracts. Its total value locked also amounts to approximately $56 million at present.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.