{"id":68437,"date":"2022-10-12T10:04:24","date_gmt":"2022-10-12T07:04:24","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=68437"},"modified":"2025-09-07T14:06:16","modified_gmt":"2025-09-07T11:06:16","slug":"hacker-siphons-2-3m-from-templedao","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-siphons-2-3m-from-templedao\/","title":{"rendered":"Hacker siphons $2.3m from TempleDAO"},"content":{"rendered":"<p>On October 11, an unknown individual exploited a vulnerability in the DeFi project TempleDAO\u2019s smart contract and stole 1,831 ETH (about $2.3 million) from one of the staking vaults. The team pledged to return the funds to the users affected by the attack.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 Temple DAO\u2019s <a href=\"https:\/\/t.co\/kQK1dEfpkQ\">https:\/\/t.co\/kQK1dEfpkQ<\/a> was exploited 1 hour ago for a total value of $2.3m (1,831 ETH).<\/p>\n<p>We have reached out to the team to assist and have contacted Binance which the wallet was funded by.<\/p>\n<p>Funds are presently on-chain in eth.<a href=\"https:\/\/t.co\/jyeEUYyUw1\">https:\/\/t.co\/jyeEUYyUw1<\/a><\/p>\n<p>\u2014 Paladin Blockchain Security (@0xPaladinSec) <a href=\"https:\/\/twitter.com\/0xPaladinSec\/status\/1579842797775249408?ref_src=twsrc%5Etfw\">October 11, 2022<\/a><\/p><\/blockquote>\n<p>In a series of transactions, the attacker moved a total of 321,154 xLP tokens, swapping them for 1,262,438 FRAX and 1,418,303 TEMPLE. Subsequently, he converted the latter asset into FRAX.<\/p>\n<p>The exploit was caused by \u201cseveral abuses\u201d in the migrateStake function. It allows users to transfer staked tokens from an older contract. 
The attacker called the function with a forged address, which allowed him to withdraw all funds from the vault to his own wallet instead of the new contract.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;The exploit is one of the most trivial in scale in recent times. [\u2026] The contract was deployed more than 100 days ago with a vulnerability that has only now been exploited&#8221;,<\/em> \u2014 according to Paladin&#8217;s statement.<\/p>\n<\/blockquote>\n<p>The operations were conducted from a Binance-registered account. Project representatives contacted the exchange&#8217;s security team.<\/p>\n<p>Developers recommended against depositing funds into STAX contracts.<\/p>\n<p>The team promised the hacker a bounty if the stolen funds are returned.<\/p>\n<p>The project\u2019s other vaults were not affected and remain secure. According to DeFi Llama, the total value locked in TempleDAO is $109.8 million.<\/p>\n<p>Earlier on October 11, an unknown attacker <a href=\"https:\/\/u1f987.com\/en\/news\/unknown-attacker-drains-over-1-million-from-qanplatform-blockchain\">withdrew<\/a> more than $1 million from the QANplatform blockchain.<\/p>\n<p>Earlier, experts at the bug-bounty platform Immunefi estimated the <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-web3\">Web3<\/a> ecosystem\u2019s losses from hacks and fraud in Q3 2022 at <a href=\"https:\/\/u1f987.com\/en\/news\/crypto-industry-loses-428-million-in-q3-to-hacks-and-scams\">$428.7 million<\/a>.<\/p>\n<p>Of that total, hacks accounted for $399 million. 
The bulk of the losses were linked to two incidents \u2014 cross-chain protocol <a href=\"https:\/\/u1f987.com\/en\/news\/nomad-offers-hackers-90-of-stolen-funds-to-return-assets\">Nomad ($190 million)<\/a> and market maker <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-stole-160-million-from-wintermute\">Wintermute ($160 million)<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On October 11, an unknown individual exploited a vulnerability in the TempleDAO smart contract and stole 1,831 ETH (about $2.3 million) from one of the staking vaults. The team pledged to return the funds to the users affected by the attack.<\/p>\n","protected":false},"author":1,"featured_media":68438,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154],"class_list":["post-68437","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"28","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/68437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=68437"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.co
m\/en\/wp-json\/wp\/v2\/posts\/68437\/revisions"}],"predecessor-version":[{"id":68439,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/68437\/revisions\/68439"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/68438"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=68437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=68437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=68437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}