DAO Maker Suffers $7M Exploit, Another DeFi Hack!

Spotlight

  • The hackers were able to remove almost $7 million in USDC from 5,251 DAO accounts at 1 am UTC yesterday.
  • CipherBlade, a blockchain intelligence agency, is investigating the attack and has identified a Binance account related to the attacker.
  • The DAO token price decreased by about 15% thus decreasing from $1.95 to $1.70.

DAO Maker is a website that aims at raising money for various crypto projects. DAO Maker was exploited for $7 million worth of USDC yesterday. The hackers behind this exploitation stole these funds out of more than 5000 accounts on this platform. According to the data from the report of Christoph Zaknun, the CEO of DAO Maker, the hackers were able to remove almost $7 million in USDC from 5,251 DAO accounts at 1 am UTC yesterday. One of the analyst companies, PeckShield said that this attack by the hackers was the result of the presence of a “dumb bug” in one of the firm’s smart contracts. This kept DAO Maker in a vulnerable position and thus gave the third party a privilege to transfer these funds out.

DAO Maker Suffers Huge Losses

The company further said that due to this vulnerability, the hacker at first stole 10,000 USDC, and then he made 15 more transactions to acquire additional funds. In an AMA on Twitch, the DAO Maker CEO said, “One of the reasons why this did happen is probably that the number of deposits within the [Strong Holder Offering] contract really exceeded our expectations. Initially, we never expected more than $2.5 million to be deposited there, but over time, the SHOs became very popular.” The losses currently average at $1,250 per user. After the exploit, the company reassured users with up to $900 in their accounts “have remained completely unaffected”. Now, the platform is transferring funds to various wallets. However, the project announced that it will suspend all incidents and wait for a complete root cause analysis.

CipherBlade, a blockchain intelligence agency, is investigating the attack and has identified a Binance account related to the attacker. The platform also announced that it will investigate compensation for all affected users. According to CoinGecko, the firm’s native token has also suffered a lot because of this hack. The token price decreased by about 15% thus decreasing from $1.95 to $1.70.

The attack on the crowdfunding platform took place after one of the biggest hacks in the DeFi space. This week, a stranger used a vulnerability on cross-chain protocol Poly Network. He did it to remove more than $600 million from three chains. Since then, he has returned $258 million in funds. Also, he directly talked with Poly Network users on the message embedded in the Ethereum transaction on the AMA. They seem to have no plan to transfer funds after the successful theft. They claimed that they did it “for fun” because everyone is talking about cross-chain hacking.