- TempleDAO and its associated project STAX Finance has lost $2.34 million in a hack.
- STAX confirmed on its website that the hack is under control.
- The stolen tokens were swapped for 1.3 million FRAX and 1.4 million TEMPLE.
A DeFi protocol TempleDAO and its associated project STAX Finance have lost $2.34 million in a hack carried out on Tuesday. The breach was allegedly caused due to insufficient access control to the migrateStake function that did not check the input oldStaking parameter.
The news was shared on Twitter that the DeFi platform had been hacked, along with an image of how the stolen funds had been moved.
STAX confirmed the attack on its website stating that they were working on it and is under control. It wrote that the hacker managed to steal a total of 321,154 XLP. The stolen tokens were swapped for 1.3 million FRAX and 1.4 million TEMPLE. The TEMPLE tokens were then sold for FRAX.
TempleDAO addressed its users noting:
The vault contracts share no common code with STAX, have been audited by PeckShield, and remain secure.
STAX has advised users not to add further money to their contracts until the issue has been fixed, pointing out that the dApp has been stopped to prevent unintentional access.
Furthermore, STAX also stated that it is “following up with Binance” over the situation. It must attempt to monitor or restrict the flow of funds through the exchange. Several reports claim that the perpetrator first transferred money from a Binance account.
As per the preliminary investigation, the attack was possible because of improper access control in a staking-related smart contract. The attacker was able to create a fake smart contract that called a particular function and asked for the transfer of cash.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.