Completely baffles me how they could have overlooked that mint function despite having their smart contract audited thrice. Either the companies that audited the contract are grossly incompetent or there's a collusion somewhere.
Don't know which is more terrifying.
Stealing this from
here. But...
From their official response here :
https://medium.com/oysterprotocol/oyster-update-b813390ce10eOr more so this quote :
Despite Oyster passing three separate smart contract audits, we were told by Bruno Block, the original founder and chief architect of the project, that the directorship of the token contract had to remain open so that the peg could be adjusted over time.
It's clear they actually knew that the minting function existed, but were told by "Bruno" that it was necessary to keep it there. So essentially three times, they were probably told that this minting function was dangerous but were told by the architect to keep it (Who then stole 300k USD worth of tokens).
Working all these months with an anonymous founder is bad enough. However, it still doesn't explain the motives behind someone wanting to sabotage their own project when the evidence can easily be traced back to them.