Reports are emerging this morning of an attack on the TempleDAO yield farming protocol. The alert came in from blockchain security firm PeckShield on Oct. 11, stating that the attacker had transferred 1,831 ETH worth around $2.34 million from the protocol.
Details are thin on the ground at the moment, but the exploit appears to have involved STAX and FRAX, which were part of its staking vaults. The liquidity provider smart contract for STAX was exploited, resulting in losses, according to Paladin Blockchain Security.
#PeckShieldAlert Seems like @templedao got exploited. The exploiter funded from SimpleSwap and already transferred 1,831 $ETH (~$2.34M) to a new address 0x2B63d…B5A0 @peckshield https://t.co/bOyOARyyxY pic.twitter.com/SVEm8o95U6
— PeckShieldAlert (@PeckShieldAlert) October 11, 2022
Mango Markets Mauled
The loss of $2.3 million was dwarfed by the amount pilfered from the Solana-based Mango Markets DeFi derivatives platform a few hours later.
On Oct. 12, Mango Markets reported that it had suffered an exploit due to an attacker manipulating an oracle price and draining liquidity. As much as $100 million appears to have been pilfered in the hack.
What actually occurred was a self-funded economic attack with the exploiter loading up an account with $5.5 million USDC. They then used this to take out a perpetual futures contract for the MNGO token and traded against it. This manipulated the price of MNGO upwards, allowing the attacker to take out Mango treasury loans and drain the liquidity before it crashed.
Blockchain security firm OtterSec was one of the first to report and explain the exploit, which did not involve flash loans.
We’re continuing to investigate the recent Mango Markets hack.
Let’s clear up some misinformation. 🧵 pic.twitter.com/hCtTwz1l5c
— OtterSec (@osec_io) October 12, 2022
The attacker has since opened a Mango DAO governance proposal that all bad debts be paid from the $70 million treasury for a return of the stolen tokens and a bounty for the perpetrator.
MNGO token prices have dumped around 50% since the attack, and there is little liquidity left in the protocol to settle outstanding derivative contracts.
QANplatform Hacked
The third attack to occur over the past day was a bridge exploit on the QANplatform. As reported by CryptoPotato on Oct. 11, around $1 million was stolen from the quantum-resistant layer-1 blockchain causing its QANX token price to collapse.
Almost half of the protocol’s token supply of 3.3 billion was stolen in this latest bridge attack.
The three exploits come less than a week after BNB Chain was drained for as much as $500 million forcing the company to freeze the network.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.
Source: https://cryptopotato.com/defi-exploit-season-templedao-and-mangomarkets-lose-millions-in-attacks/