Insufficient validation in an OHM smart contract at Bond Protocol allowed an attacker to drain 30,437 OHM (~$300,000) from the Olympus DAO DeFi protocol.
Olympus DAO wrote in an announcement that "This bug was not found by 3 auditors, nor by our internal code review, nor reported via our Immunefi bug bounty." They also noted that because they had done a phased rollout of the contract, only a limited amount of the project’s substantial funds was at risk.
Olympus DAO initially announced that they would "compensate all affected bonders in full", but later revealed that the stolen funds had been returned. According to The Block, the Olympus team had successfully tracked the hacker and negotiated the return of the funds.