Hackers use Tornado Cash to launder TempleDAO’s stolen ETH assets

TempleDAO, a DeFi staking protocol was recently hacked on October 11 by malicious attackers who stole 1,830 ETH worth 350 million yen. According to recent reports, the hackers used the crypto mixer platform Tornado Cash to illegally transfer the stolen Ethereum (ETH) assets into unknown wallets on October 14. 

The hackers attacked the vulnerability of TempleDAO’s STAX  staking protocol function to drain out crypto assets illegally. This function enables users to transfer their staked tokens in the oldest contract to a newer one. The attackers used a fake address to enter the platform and took out funds on their own address instead of the new contract. 

According to TempleDAO, the platform was yet to be audited and was running on alpha, which made it easier for malicious actors to breach the contract. The team promised to get their system audited after the attack happened. 

“The issue is under control and the hackers cannot do any more damage. We plan to take remedial action for all affected users,” they shared in a Twitter post.

HatsFinance introduces a new bug bounty smart contract

TempleDAO has announced it will open a bug bounty program by using HatsFinance’s new smart contract which makes it easier to negotiate with hackers. The platform will reward the hacker once they transfer the funds back to TempleDAO. 

HatsFinance also issued a statement saying if the hackers returned all the funds, they will receive 30% back as a bounty and no legal action will take place against them. 

Hackers users Tornado Cash

Instead of negotiating with TempleaDAO, hackers are using the crypto mixer platform Tornado Cash to stay anonymous and untraceable from the authorities to transfer the stolen funds into unknown wallets.

Tornado Cash is one of the most common platforms used by hackers and money launderers to transfer money without any trace. The site was recently sanctioned by the US in hopes to reduce cybercriminal activities in the crypto industry. 

Now the question is, will TempleDAO be able to negotiate with hackers or suffer from a huge financial loss?

• About author
• Disclaimer

news room

Keep up with latest news and announcements in Web3 world with NFTStudio24, Japan's first media platform built on blockchain technology revolutionizing the age of news and reporting.

The content provided here is for general informational purposes only. It should not be considered as professional advice. Any actions taken based on this information are at your own risk. We do not assume any responsibility or liability for the accuracy, completeness, or suitability of the information. Always consult with a qualified professional for specific advice related to your circumstances.