- DAO Maker, often confused with MakerDAO, has suffered a $7 million hack.
- A total of 5251 users have been affected, with each user losing $1,250 on average.
- The hack of DAO Maker reflects the current model of exposing DeFi and other blockchain code vulnerabilities.
In its current state, blockchain is a prototypical technology, confronted with acclaimed innovative sequences and implementation deficiencies. Its innovative nature attracts curious minds, eager to flaunt their technological understanding, while incentivized by high financial yields. Unfortunately, smart contract loopholes, exploited by bad actors with good intentions, reflect the continuing development status of its infrastructure. The DAO Maker has subsequently become the next protocol to fall prey to hackers.
DAO’s Got Hacked
Often confused with MakerDAO, the DAO Maker, a cryptocurrency crowdfunding platform that helps start-ups to obtain funding, fell victim to an attack. As reported by WuBlockchain, and confirmed by DAO Maker, the hack saw $7 million in funds withdrawn from one wallet after an entity with ‘admin privileges’ performed a total of 16 transactions, after successfully withdrawing $10,000 in UDSC.
The blockchain’s statement indicates that DAO Maker’s security managed to stop the hack, which affected a total of 5,251 users, each of whom lost approximately $1,250 on average. Moreover, DAO maker reports that users with total funds under $900 were not affected. Christoph Zaknun, DAO Maker’s CEO, affirmed that the situation has been “taken care of,” indicating the vulnerability targeted SHO contracts. He also explained that platform vaults are compact to prevent personal and company access from withdrawing user funds.
BlocSec, a cryptocurrency firm, has suggested that the hack was due to lost, or stolen, private keys, or an internal conflict that revealed sensitive information. DAO Maker emphasized that they will reach out to all affected users following the release of a “compensation plan” outline to find a resolution. In addition, they have engaged Cipher Blade, a blockchain forensics company, to track the attacker’s location. Primary data shows that the company has already identified a Binance account associated with the attack.
On The Flipside
- Cipher Blade has shared the hacker’s wallet with every crypto exchange with the intention of preventing future exploits from this source.
- The owners of DAO Maker cannot remove or adjust the code and have insider privileged access.
- DAO Maker has moved most of the funds to another secure source to prevent a recurring attack on the same contract.
The Hack Following A Hack
The attack on DAO Maker follows the footsteps of the largest DeFi hack in history, during which the Poly Network was hacked for $600 million. While the DAO hack had a much lower financial impact, the Poly Network hacker has come forward and agreed to return all of the funds while also refusing to accept the bounty reward.
DAO Maker has currently capped the maximum deposit to $10,000 USDC while investigations are underway in order to prevent another THORChain instance, in which the protocol was successively hit, in attacks that incurred seven-figure losses each time. As the market continues to recover, the industry has been shaken by bad actors, causing more than just financial damage, though the market seems resilient, if not immune to news action.
Why You Should Care?
Blockchain is still an immature technology that is actively developing. Therefore, adding assets in financially rewarding blockchain products that involve adding and securing assets comes with risk. While tracing and tracking has become easier, it is difficult to hold blockchains accountable for their mishaps due to acting in an unregulated market with limited protections.