TempleDAO, a DeFi protocol, and STAX Finance, its related business, lost $2.34 million in a hack on Tuesday. The vulnerability is reported to stem mainly from insufficient access control in the migrateStack function, which does not check or validate the type of its main parameter, oldStaging.
Details of the attack on the DeFi platform, and of how the stolen funds were moved, were shared on Twitter.
STAX identified the attack on the platform and said that it was dealing with the incident, which has now stabilized. It wrote that a total of 321,154 XLP tokens were stolen by the hackers. The stolen tokens were exchanged for 1.3 million FRAX and 1.4 million TEMPLE. The TEMPLE tokens were then sold for FRAX.
TempleDAO told its users:
There is no common code between the fresh-keeping warehouse contract and STAX, which has been approved by PeckShield and kept safe.
STAX advised users not to add funds to the protocol until the problem is resolved, and noted that the dApp has been shut down to avoid accidental access.
In addition, STAX emphasized that it has "tracked Binance" and is trying to have the funds controlled or restricted through the exchange. Several reports said that the perpetrator first transferred money from a Binance account.
According to preliminary analysis, the attack was possible because of incorrect access control in the related smart contracts. An attacker can deploy a spoofed smart contract that exposes the expected functions and requests transfers.
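The class of flaw described above, as an added illustration (this is not the STAX contract source and not code from the article): a migration function that trusts a caller-supplied contract address, next to a hardened form. Only migrateStack and oldStaging are names from the article; the interfaces, migrateWithdraw, the allowlist and all other names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical interfaces, assumed for this sketch only.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

interface IOldStaging {
    function migrateWithdraw(address staker, uint256 amount) external;
}

contract StagingSketch {
    IERC20 public immutable lpToken;
    address public immutable owner;
    mapping(address => uint256) public staked;              // credited stake per user
    mapping(address => bool) public approvedOldStaging;     // migration sources we trust

    constructor(IERC20 _lpToken) {
        lpToken = _lpToken;
        owner = msg.sender;
    }

    function setApprovedOldStaging(address oldStaging, bool ok) external {
        require(msg.sender == owner, "not owner");
        approvedOldStaging[oldStaging] = ok;
    }

    // Weak form: oldStaging comes straight from the caller and is never
    // checked, so nothing proves that tokens arrived before the credit.
    function migrateStackUnchecked(address oldStaging, uint256 amount) external {
        IOldStaging(oldStaging).migrateWithdraw(msg.sender, amount);
        staked[msg.sender] += amount;
    }

    // Hardened form: accept only allowlisted sources, and credit the caller
    // only if the token balance really grew by the claimed amount.
    function migrateStack(address oldStaging, uint256 amount) external {
        require(approvedOldStaging[oldStaging], "oldStaging not approved");
        uint256 balanceBefore = lpToken.balanceOf(address(this));
        IOldStaging(oldStaging).migrateWithdraw(msg.sender, amount);
        uint256 received = lpToken.balanceOf(address(this)) - balanceBefore;
        require(received == amount, "migration underfunded");
        staked[msg.sender] += amount;
    }
}
```

Either check alone closes this particular gap; keeping both means a mistaken allowlist entry still cannot credit stake that was never funded.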