By Hannah Perez
A total of 5,251 DAO
Maker users were affected by the hack, and the average user lost USD $1,250. The platform is not related to MakerDao.
New day, new hacking attack for a DeFi.
This Thursday, crowdfunding platform DAO
Maker became the latest victim of a hack within the decentralized finance (DeFi) space. Hackers hacked the platform, managing to extract more than USD $7 million.
from 5,251 user accounts. The attack occurred at approximately 1:00 am UTC this Thursday.
In a Twitter thread, the DAO Maker team added that the average user lost USD $1,250, but that people with deposits under $900 “have not been affected at all.” They also reported that Blockchain forensic analysis company CipherBlade
is already investigating the situation.
SHO Contract Exploits
Read Full Statement: https://t.co/g55dI6Wt1U
-Total of 7M was stolen from 5521 users; the average user lost $1250 USD.
It should be noted that DAO Maker, a site aimed at raising money for cryptocurrency projects, has no relation to the well-known MakerDAO, the DeFi protocol behind the stablecoin Dai (<a href=”https://www.diariobitcoin.c
A “silly mistake” in the contract
The attacker reportedly exploited a flaw in the protocol’s smart contract to initially steal USDC10,000, then made 15 more transactions to acquire additional funds, the platform reported. The team at China-based security analytics firm Blockchain China-based security analytics firm PeckShield also agreed that the hacker took advantage of a “silly mistake” in the DAO Maker contract.
A spokesperson for the firm explained to the Crypto Briefing media outlet that this vulnerability could have given an unknown third party the privilege to transfer funds. Zaknun’s post-mortem analysis confirmed this theory:
We should announce that in the early hours of August 12 (at approximately 1 a. M. UTC), DAO Maker faced a malicious use of one of our wallets with access to administrator privileges.
According to Crypto Briefing, analysts reported that the attacker was able to use to withdrawal functions as the contract lacked proper security controls. They have also pointed out that the hacked contract was not verified on Etherscan. Failure to verify is generally considered a red flag and suggests that the team was negligent in their work.
Another DeFi hacked
Earlier, users of DAO Maker’s Telegram group reported that their USDC balances had been reduced to zero. Meanwhile, all deposits on the contract have been disabled and the price of the platform’s native token, called DAO, appears to be negatively affected by the events.
The DAO token has plummeted nearly 13% in the last 24 hours, according to data from Coinmarkerkercapand is trading at USD $1.69. The cryptocurrency had recorded a price peak last April 21 above USD $8 a unit.
The developers of the DAO Maker platform announced that they would be working on a compensation plan for all affected users.
The hack to <a href=”https://www.diariobitcoin.com/glossary/dao/” target=”_blank” rel=”noopener”>DAOMaker comes on the heels of one of the largest hacking attacks on a DeFi platform. As reported by DiarioBitcoin, on Tuesday of this week the interoperability protocol Blockchain, Poly Network, was the victim of a hack that resulted in the loss of more than USD $600 million. Although, in an unexpected turn of events, the attacker contacted the platform to express interest in cooperating with developers and has already begun returning some of the stolen funds.
Version by Hannah Estefania Perez / DiarioBitcoin
Image from Unsplash