https://cryptoslate.com/temple-dao-hacked-for-over-2-3m/
According to PeckShield, the hacker funded the attack from SimpleSwap and has transferred 1,831 ETH to a new address, 0x2B63d.
TempleDAO retweeted a Twitter thread about the exploit from the DeFi protocol Stax Finance. According to the thread, 321,154 xLP tokens were stolen from the xLP Staking contract and converted to 1,418,303 $TEMPLE tokens and 1,262,438 $FRAX. The TEMPLE tokens were also later sold for FRAX.
It was revealed that the hacker exploited a function in the StaxLPStaking contract that had a “missing onlyMigrator check.”
Meanwhile, TempleDAO has taken down the dApp to avoid accidental usage. The team urged the hacker to return the funds, offering him a legal bounty for the exploit.
Another blockchain security firm, CertiK, wrote that the “cause of this attack is that migrateStake function does not check if the input oldStaking is expected. As a result, attackers can forge oldStaking contracts to arbitrarily add balances.”
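The missing validation CertiK describes, shown as an added Solidity sketch beside a hardened form; this is not the StaxLPStaking source. Only migrateStake, oldStaking and onlyMigrator come from the article; the other names, the migrateWithdraw signature, and the assumption that the old contract sends LP tokens to the caller are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added sketch. Only migrateStake, oldStaking and onlyMigrator come from the
// article; every other name here is an assumption.
interface IOldStaking {
    // Assumed to debit `staker` in the old contract and send the LP tokens to the caller.
    function migrateWithdraw(address staker, uint256 amount) external;
}

interface IERC20Balance {
    function balanceOf(address account) external view returns (uint256);
}

// Weak form: oldStaking is caller-supplied and never validated, so a
// successful external call says nothing about a real stake being withdrawn.
contract UncheckedMigration {
    mapping(address => uint256) public stakeOf;

    function migrateStake(address oldStaking, uint256 amount) external {
        IOldStaking(oldStaking).migrateWithdraw(msg.sender, amount);
        stakeOf[msg.sender] += amount;
    }
}

// Hardened form: oldStaking is pinned at deployment, and the credit is tied
// to LP tokens that actually arrived rather than to the caller's `amount`.
contract CheckedMigration {
    address public immutable trustedOldStaking;
    IERC20Balance public immutable lpToken;
    mapping(address => uint256) public stakeOf;

    error UnexpectedOldStaking(address supplied);
    error NothingReceived();

    constructor(address oldStaking_, address lpToken_) {
        trustedOldStaking = oldStaking_;
        lpToken = IERC20Balance(lpToken_);
    }

    function migrateStake(address oldStaking, uint256 amount) external {
        if (oldStaking != trustedOldStaking) revert UnexpectedOldStaking(oldStaking);
        uint256 beforeBal = lpToken.balanceOf(address(this));
        IOldStaking(oldStaking).migrateWithdraw(msg.sender, amount);
        uint256 received = lpToken.balanceOf(address(this)) - beforeBal;
        if (received == 0) revert NothingReceived();
        stakeOf[msg.sender] += received;
    }
}
```

The balance-delta check is a second, independent control: even if the pinned address were ever wrong, the ledger could only grow by tokens the contract actually received.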