DAO Maker becomes latest DeFi hacking victim: over $7 million stolen
By Hannah Perez

A total of 5,251 DAO Maker users were affected by the hack, and the average user lost USD $1,250. The platform is not related to MakerDAO.

***

Another day, another hack on a DeFi platform.

This Thursday, crowdfunding platform DAO Maker became the latest victim of a hack within the decentralized finance (DeFi) space. Attackers breached the platform and extracted more than USD $7 million.

DAO Maker CEO Christoph Zaknun reported on the event in a blog post where he detailed that the hackers stole $7 million in USD Coin (USDC) stablecoin from 5,251 user accounts. The attack occurred at approximately 1:00 am UTC this Thursday.

In a Twitter thread, the DAO Maker team added that the average user lost USD $1,250, but that people with deposits under $900 “have not been affected at all.” They also reported that blockchain forensic analysis company CipherBlade is already investigating the situation.

It should be noted that DAO Maker, a site aimed at raising money for cryptocurrency projects, has no relation to the well-known MakerDAO, the DeFi protocol behind the stablecoin Dai (DAI).

A “silly mistake” in the contract

The attacker reportedly exploited a flaw in the protocol’s smart contract to initially steal 10,000 USDC, then made 15 more transactions to acquire additional funds, the platform reported. The team at China-based blockchain security analytics firm PeckShield also agreed that the hacker took advantage of a “silly mistake” in the DAO Maker contract.


A spokesperson for the firm explained to the Crypto Briefing media outlet that this vulnerability could have given an unknown third party the privilege to transfer funds. Zaknun’s post-mortem analysis confirmed this theory:

We should announce that in the early hours of August 12 (at approximately 1 a.m. UTC), DAO Maker faced a malicious use of one of our wallets with access to administrator privileges.

As such, the hacker transferred a total amount of 7,376,245 in USDC from an address on Ethereum to the decentralized exchange Uniswap, where he exchanged them for 2,261 ether.

According to Crypto Briefing, analysts reported that the attacker was able to use the withdrawal functions because the contract lacked proper security controls. They also pointed out that the hacked contract was not verified on Etherscan. Failure to verify is generally considered a red flag and suggests that the team was negligent in their work.

Another DeFi hacked

Earlier, users of DAO Maker’s Telegram group reported that their USDC balances had been reduced to zero. Meanwhile, all deposits on the contract have been disabled and the price of the platform’s native token, called DAO, appears to be negatively affected by the events.

The DAO token has plummeted nearly 13% in the last 24 hours, according to data from CoinMarketCap, and is trading at USD $1.69. The cryptocurrency had recorded a price peak above USD $8 a unit on April 21.

The developers of the DAO Maker platform announced that they would be working on a compensation plan for all affected users.

The hack of DAO Maker comes on the heels of one of the largest hacking attacks on a DeFi platform. As reported by DiarioBitcoin, on Tuesday of this week the blockchain interoperability protocol Poly Network was the victim of a hack that resulted in the loss of more than USD $600 million. However, in an unexpected turn of events, the attacker contacted the platform to express interest in cooperating with developers and has already begun returning some of the stolen funds.


Sources: CoinDesk, Crypto Briefing, Twitter, archive

Version by Hannah Estefania Perez / DiarioBitcoin
